Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Features

3DS Explained, Continued

Below is my edited explanation of the steps above; I've attempted to keep the discussion at level sufficiently simple for all to understand. If you require precise technical information regarding 3DS, then both Visa and MasterCard have downloadable documentation that is very detailed.

Step-1 The Shopper browses at merchant site, adds items to the shopping cart, then finalizes purchase.
Step-2 The Merchant Server sends information to the Directory Server; this acts as a traffic director that examines the initial number sequence of the credit card, and figures out which issuing bank is responsible for it.
Step-3 The Directory Server identifies the payer's issuing bank and queries that bank's Access Control Server (ACS) to determine if 3DS authentication is available. That is, has the payer enrolled in 3DS and been issued with a PIN or other pass phrase.
Step-4 The Banking ACS responds to the Directory Server.
Step-5 The Directory Server forwards the ACS response to the MPI-a plug-in piece of code on the merchant's site-to verify that the card holder is enrolled in 3DS. If not, then a traditional payment is processed.
Step-6 If the payer is enrolled in 3DS, then a Payer Authentication Request is made to the Issuing Bank's ACS via the shopper's browser.
Step-7 The ACS receives the Payer Authentication Request.
Step-8 The ACS authenticates the Shopper.
Step-9 The ACS returns the Payer Authentication Response to the MPI via the Shopper's browser device. The ACS sends the selected data to the Authentication History Server.
Step-10 The MPI receives the Payer Authentication Response.
Step-11 The MPI validates the Payer Authentication Response signature.
Step-12 The Merchant proceeds with authorization exchange with its acquirer.

Okay, so what does this all really mean?

In a nutshell, the card holder will be issued with a personal ID Code that is either a PIN or a passphrase. Having submitted the credit card information for validation, a screen will appear that requires the card holder to enter that ID Code. Their card's issuing bank will verify that the entered code is correct, and the payment process will continue.

For the card holder, 3DS will not mean a complete usability upheaval. For everyone else who is engaged in managing that process, however, the headaches are considerably bigger. Software development design and implementation is costly, and when you require that many organizations to intercommunicate, the process gets really difficult. There are Internet technologies that allow different systems to communicate and exchange data in real time. The number of possible technical glitches is huge, however, and the potential for such systems to go out of synch during transaction processing is considerable.

If you are a credit card holder who shops on the Internet, you should be feeling a bit nervous right now. All is not lost, however. 3D Secure is a merchant-oriented protocol, and it will certainly prompt merchants to put much more merchandise onto the Internet, but there is a price to pay. The fact is that 2 Factor Authentication must become the normal standard for card holder security. 3D Secure still does not eliminate fraud that may occur as a result of session hijacking and other techniques described in previous articles in this series.

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Folks,For over a long time I cannot get port forwarding work with openvpn on my RT-AC87u. If PPTP is engaged then all works but once openvpn is up all...
Hi,I have just added my first AiMesh node:Main AiMesh : RT-AC68U ( AP mode )Second Aimesh : RT-AC67UAll seems to work wells, but I have have noticed t...
Hi all,I friend of me has update his network, so I have a "new" ac56u.I have installed merlin and follow this guide (
Greetings,I have 2 issues with 384.15 firmware on my RT-AC86UIn firewall, if I select Respond ICMP Echo (ping) Request from WAN to NO, I can still pin...
Sorry if this has been answered already, but I couldn't find it searching....I have a simple home setup: ASUS RT-AC66U_B1 (connected to a DSL modem) w...

Don't Miss These

  • 1
  • 2
  • 3