Description and Basic Aspects
The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
- Acquirer Domain (the merchant and the bank to which money is being paid).
- Issuer Domain (the bank which issued the card being used).
- Interoperability Domain (the infrastructure provided by the card scheme, credit, debit, prepaid or other type of finance card, to support the 3-D Secure protocol). Interoperability Domain includes the internet, MPI, ACS and other software providers
The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates).
A transaction using "Verified by Visa" or SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this) but typically, a password-based method is used, so to effectively buy on the Internet means using a password tied to the card. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches. Today with the ease of sending white listed text messages from registered bank senders, its easy to send an one time password as part of a SMS text message to users mobiles and emails for authentication. At least during enrollment and for forgotten passwords.
The main difference between Visa and MasterCard implementations resides in the method to generate the UCAF (Universal Cardholder Authentication Field): MasterCard uses AAV (Accountholder Authentication Value) and Visa uses CAVV (Cardholder Authentication Verification Value).
Read more about this topic: 3-D Secure
Famous quotes containing the words description, basic and/or aspects:
“I fancy it must be the quantity of animal food eaten by the English which renders their character insusceptible of civilisation. I suspect it is in their kitchens and not in their churches that their reformation must be worked, and that Missionaries of that description from [France] would avail more than those who should endeavor to tame them by precepts of religion or philosophy.”
—Thomas Jefferson (1743–1826)
“Our basic ideas about how to parent are encrusted with deeply felt emotions and many myths. One of the myths of parenting is that it is always fun and games, joy and delight. Everyone who has been a parent will testify that it is also anxiety, strife, frustration, and even hostility. Thus most major parenting- education formats deal with parental emotions and attitudes and, to a greater or lesser extent, advocate that the emotional component is more important than the knowledge.”
—Bettye M. Caldwell (20th century)
“That anger can be expressed through words and non-destructive activities; that promises are intended to be kept; that cleanliness and good eating habits are aspects of self-esteem; that compassion is an attribute to be prized—all these lessons are ones children can learn far more readily through the living example of their parents than they ever can through formal instruction.”
—Fred Rogers (20th century)