Description and Basic Aspects
The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
- Acquirer Domain (the merchant and the bank to which money is being paid).
- Issuer Domain (the bank which issued the card being used).
- Interoperability Domain (the infrastructure provided by the card scheme, credit, debit, prepaid or other type of finance card, to support the 3-D Secure protocol). Interoperability Domain includes the internet, MPI, ACS and other software providers
The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates).
A transaction using "Verified by Visa" or SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this) but typically, a password-based method is used, so to effectively buy on the Internet means using a password tied to the card. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches. Today with the ease of sending white listed text messages from registered bank senders, its easy to send an one time password as part of a SMS text message to users mobiles and emails for authentication. At least during enrollment and for forgotten passwords.
The main difference between Visa and MasterCard implementations resides in the method to generate the UCAF (Universal Cardholder Authentication Field): MasterCard uses AAV (Accountholder Authentication Value) and Visa uses CAVV (Cardholder Authentication Verification Value).
Read more about this topic: 3-D Secure
Famous quotes containing the words description, basic and/or aspects:
“The next Augustan age will dawn on the other side of the Atlantic. There will, perhaps, be a Thucydides at Boston, a Xenophon at New York, and, in time, a Virgil at Mexico, and a Newton at Peru. At last, some curious traveller from Lima will visit England and give a description of the ruins of St. Paul’s, like the editions of Balbec and Palmyra.”
—Horace Walpole (1717–1797)
“Nothing and no one can destroy the Chinese people. They are relentless survivors. They are the oldest civilized people on earth. Their civilization passes through phases but its basic characteristics remain the same. They yield, they bend to the wind, but they never break.”
—Pearl S. Buck (1892–1973)
“The power of a text is different when it is read from when it is copied out.... Only the copied text thus commands the soul of him who is occupied with it, whereas the mere reader never discovers the new aspects of his inner self that are opened by the text, that road cut through the interior jungle forever closing behind it: because the reader follows the movement of his mind in the free flight of day-dreaming, whereas the copier submits it to command.”
—Walter Benjamin (1892–1940)