3DSecure is a technology which allows the 3 domains of a payment process to work collaboratively together for the purpose of authenticating a card holder and obtaining the authorization from card holder before money is taken from card. These 3 Domains are: merchants, card holders and Financial Institutions (Issuers, Acquirers and Card Schemes).
Ecommerce was born broken
When cards were introduced in the 1950's, card holder authentication was strongly catered for. The physical possession of a card itself was authentication proof, the merchant compared signatures with signature on back of card and additional proof of ID could be collected.
Credit cards are perfect for ecommerce. They are an automated, scalable payment process, available 24/7. A payment takes seconds to complete and currency conversion is not a problem.
But credit cards were never designed to be used on the internet. The merchants who jump started ecommerce, they did so at their own risk. Any payment they received could be taken back from their bank account even six months later and they would be further fined for the inconvenience of being robbed!
An Issue of Trust
How do you get a group of people to work together when they cannot trust each other? This is the situation with payment processing.
An Issuing and Acquiring Bank cannot trust each other. An Acquiring Bank needs to collect a card number and pass it to the Issuing bank without ever being in a position to identify the card holder and in any way lure the card holder to become its client, while having every financial incentive to do so.
A Card Holder cannot trust a merchant with their card details.
A Merchant cannot trust a card holder not to avoid affecting a payment.
Banks cannot trust the Card Schemes to talk directly to their Merchants or Card holders.
This lack of trust is the reason why authentication is the big weakness of card payments. A card number cannot even be checked against the name on card.
3DSecure solves the problem of authentication; it eliminates the fundamental weakness of credit card use for ecommerce. 3DSecure does not patch the problem of fraud; it expunges the problem at the roots.
3DSecure achieves a number of important objectives:
It stops Fraud from happening in the first place
It allows Issuers to confidently authorize payments, even large value transactions
It increases approved transactions for merchants
It allows Merchants to accept payments without fear of fraud and chargebacks
It eliminates the need for complex, expensive fraud detection or prevention solutions.
It allows Banks, Merchants, Card Holders and the Card Schemes to collaborate successfully without loss of privacy, identity disclosure or trust issues
It does away with the necessity to create alternative payment methods to credit cards
It greatly improves transparency during a payment process
It creates a distributed system of security
Even Security for card present is being upgraded. Chip &Pin (EMV) creates a system of authentication by embedding a computer chip inside the plastic itself.
Building a Better 3DSecure
Endeavour 3DSecure is built on a decade of experience; solving frequent 3DSecure complaints, while providing the best experience possible for Merchants, Banks and Cardholders.
The Issuer chooses the preferred authentication method. Endeavour ACS supports SMS, OTP, Security hardware tokens, Mobile 2-factor Authentication.
Endeavour also uses fraud detection technology to optionally use an elective approach to authentication. Rather than authenticate every transaction, Endeavour's Rules Engine gives the ability to require authentication selectively, rather than repetitively.
One of the main challenges for merchants implementing 3DSecure is the ability to test their integration. Endeavour features a full test environment, including a simulation of an Issuing Bank and corresponding test cards.
Test cards are configurable. Acquirers and Payment Gateways can add their own test cards.
Endeavour even directly supports PIT testing directly in the product; a merchant can be switched to PIT mode and the MPI will automatically connect to the PIT directories at the card schemes, instead of the production directories.
Endeavour's ability to run detailed reports is very important; it allows problems to be quickly detected, understood and resolved. For example a problem with an Issuer is quickly identified.
Reporting is further enhanced with the use of info graphics and Endeavour offers a wide range of info graphics, including tree diagrams, pie charts, bar charts and star charts. These info graphics use colours to categorize different outcomes for 3DSecure transactions or to differentiate between card schemes, conveying information clearly and in a powerful way.
Endeavour 3DSecure is fully PCI compliant, running from ISO Certified data centre. PCI compliance is built directly into the product at its very core. Tokenization is used instead of storing card information. Logs are automatically filtered to detect and filter out card numbers.
Endeavour wins on cost effectiveness at three different levels
Better implementation of 3DSecure to ensure that Merchants and Card holders have the maximum level of authorizations, while using 3DSecure to eliminate fraud and chargebacks at source.
Lower cost of ownership by turning a complex technology into something which is easy to use for merchants, gateways, banks and card holders. Reliability, scalability and positive experience for card holders is part of this measure.
A hosted, managed 3DSecure solution providing pay-as-you-go Software-as-a-Service Model. This lowers costs for both MPI and ACS components, while ensuring that software is improved and updated continuously, and the best technology is running at peak performance.
3DSecure is the solution for Ecommerce and Endeavour is the solution for 3DSecure.
Security in the 21st Century
Ecommerce is now an important component of the financial activity of any country and a threat to ecommerce is a threat to economic welfare.
Yet we live in an age of digital uncertainty, living our lives online in fear of hacking, theft of personal information and threat of financial loss.
3DSecure creates a DISTRIBUTED system of security. It does not rely on a single point of failure. It is also a framework of security, allowing new technologies to be incorporated, adapting and evolving.
Secrecy is at the heart of security. Democracy would not work so well if votes could not be cast in secret. A poker game where all the players know each other's cards would be hilariously short lived. 3DSecure creates the ability to make online payments, keeping confidential information secret and avoiding unacceptable weaknesses.
Welcome to a brave new world where online personal security is live and well.