Our activity on the web is increasing every day. There is hardly a person today who does not buy or sell online. That's why both customers and retailers want to make online transactions more secure: it can protect them from unwanted financial losses. Businesses currently use many fraud protection mechanisms, and 3-D Secure is one of them.
3-D Secure is an XML-based protocol that provides additional protection for cardholders' data during e-commerce transactions. It adds an additional authentication step. Let's find out how it works.
First, the card should be verified through the MPI (merchant plug-in), a module that checks whether the card is enrolled in the 3-D Secure program. The next step is cardholder identification: a customer needs to enter the code previously associated with the card. During the transaction, the cardholder needs to enter it once again to confirm his identity; otherwise the transaction will not be processed. Due to the security requirements, the customer must be redirected to the issuing bank's website and enter the value there. PARES, the verification results, will be received by the software that made the MPI verification query. It includes three fields: ECI, CAVV and XID (the explanation can be found here).
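The result-handling step described above, as an added example (not code from the original post or from any gateway): it unpacks a PARES and checks ECI, CAVV and XID before the payment goes on to authorization. It assumes the 3-D Secure 1.0 packaging (Base64 over zlib-compressed XML) and element names; the size cap, function names and sample message are constructed for illustration, and verification of the issuer's signature on the message is left out.

```python
import base64
import re
import xml.etree.ElementTree as ET
import zlib

MAX_XML_BYTES = 64 * 1024  # assumed cap on the inflated message

def decode_pares(encoded):
    """Unpack a PARES, refusing oversized, truncated or DTD-bearing input."""
    raw = base64.b64decode(encoded, validate=True)
    inflater = zlib.decompressobj()
    try:
        xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    except zlib.error as exc:
        raise ValueError("PARES is not valid zlib data") from exc
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("PARES too large or truncated")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in PARES")
    root = ET.fromstring(xml_bytes)
    return {name: (root.findtext(f".//{name}") or "").strip()
            for name in ("status", "eci", "cavv", "xid")}

def is_20_byte_b64(value):  # CAVV and XID are 20-byte values sent as Base64
    try:
        return len(base64.b64decode(value, validate=True)) == 20
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def check_pares(fields, expected_xid):
    """Return reasons to stop; an empty list means authorization may proceed."""
    problems = []
    if fields["status"] != "Y":
        problems.append("cardholder not authenticated")
    if not re.fullmatch(r"[0-9]{2}", fields["eci"]):
        problems.append("malformed ECI")
    if not is_20_byte_b64(fields["cavv"]):
        problems.append("malformed CAVV")
    if not is_20_byte_b64(fields["xid"]) or fields["xid"] != expected_xid:
        problems.append("XID does not match the pending transaction")
    return problems

def build_sample(status, xid):
    """Constructed test message, not captured traffic."""
    cavv = base64.b64encode(bytes(20)).decode()
    xml = (f"<ThreeDSecure><Message><PARes><Purchase><xid>{xid}</xid></Purchase>"
           f"<TX><status>{status}</status><cavv>{cavv}</cavv><eci>05</eci></TX>"
           "</PARes></Message></ThreeDSecure>")
    return base64.b64encode(zlib.compress(xml.encode())).decode()
```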
Generally, a payment gateway needs to support two use cases. When the payment page is used, the 3-D Secure verification process can be incorporated into the common checkout process. When customers send their queries directly through the API, an additional redirection to the issuing bank's website is required.
A more detailed explanation of this issue can be found in the new publication at #UniPayGateway.