Prepared by: ACHINTYA KUMAR ROY

DSSD ,C-DAC HYDERABAD

11-04-2015 1Prepared by ACHINTYA KUMAR ROY

11-04-2015 2Prepared by ACHINTYA KUMAR ROY

* It is an E-commerce application for payment system.

* To know about 3D secure password , we need to know about 3D and then 3D secure.

* 3D stands for 3 Domains here.

* 3D secure is an XML based protocol to implement the better security to the credit & Debit cards transaction.

* so the password formed by 3D secure protocol is called 3D secure password.

1. ACQUIRER DOMAIN

The merchant to which money is being paid.The merchant to which money is being paid.

2. ISSUER DOMAIN

The bank which issued the card being used .The bank which issued the card being used .

3. INTEROPERABILITY DOMAIN

The infrastructure provided by the credit or debit card The infrastructure provided by the credit or debit card company company to support 3D protocol.to support 3D protocol.

11-04-2015 3Prepared by ACHINTYA KUMAR ROY

11-04-2015 4Prepared by ACHINTYA KUMAR ROY

11-04-2015 5Prepared by ACHINTYA KUMAR ROY

11-04-2015 6Prepared by ACHINTYA KUMAR ROY

11-04-2015 7Prepared by ACHINTYA KUMAR ROY

* * It was firstly developed by the company ‘It was firstly developed by the company ‘VISAVISA’ and gave the name’ and gave the name “ “ Verified by VISA”.Verified by VISA”.

* Now it is adopted by ‘* Now it is adopted by ‘Master Card Master Card ‘ they give it the name ‘ they give it the name “ “Master Card SecureMaster Card Secure””

• Basically 3-D secure password is used to provide the better security Basically 3-D secure password is used to provide the better security to the Customers for Transactions in the to the Customers for Transactions in the Online Payment SystemOnline Payment System..

• • For online purchasing mostly we have to pay For online purchasing mostly we have to pay Digital cash Digital cash so we so we have to deal online then it includes have to deal online then it includes BankBank , , MerchantMerchant and and CustomerCustomer. . So there is requirement of security from fraud and money theft.So there is requirement of security from fraud and money theft.

• • It is being used for removing the risk over the Internet so that the It is being used for removing the risk over the Internet so that the customer can feel free in doing customer can feel free in doing Online transactionOnline transaction..

11-04-2015 8Prepared by ACHINTYA KUMAR ROY

11-04-2015 9Prepared by ACHINTYA KUMAR ROY

• This protocol uses This protocol uses XML messages XML messages sent over sent over SSL connections SSL connections with client with client authentication .authentication .

• This is a one time process which takes place on the card issuer’s website involves This is a one time process which takes place on the card issuer’s website involves the cardholder answering several the cardholder answering several security questionssecurity questions to which only the card will know to which only the card will know the answer .the answer .

• • The cardholder selects a password and agrees on secret phrase , which will be used The cardholder selects a password and agrees on secret phrase , which will be used by the card issuer during each online transection.by the card issuer during each online transection.

11-04-2015 10Prepared by ACHINTYA KUMAR ROY

In order to use this service, In order to use this service, VISAVISA and and MASTERCARDMASTERCARD member bank member bank has to operate a compliment software that supports the latest 3D has to operate a compliment software that supports the latest 3D Secure protocol specifications . Once compliment software is installed , Secure protocol specifications . Once compliment software is installed , the member bank will perform product integration testing with the the member bank will perform product integration testing with the payment system server before it rolls out the system. payment system server before it rolls out the system.

11-04-2015 11Prepared by ACHINTYA KUMAR ROY

1. ACS Providers (Access Control Server).1. ACS Providers (Access Control Server).

2. MPI Providers (Merchant Control Server).2. MPI Providers (Merchant Control Server).

11-04-2015 12Prepared by ACHINTYA KUMAR ROY

1311-04-2015Prepared by ACHINTYA KUMAR ROY

In 3D Secure protocol ,In 3D Secure protocol ,ACS (Access Control ServerACS (Access Control Server) is on the ) is on the issuer side(banks).Currently , most of the banks outsource issuer side(banks).Currently , most of the banks outsource ACS ACS to a to a third party. Commonly on customers web browser shows the third party. Commonly on customers web browser shows the domain name of the domain name of the ACS ACS provider , rather than bank’s domain provider , rather than bank’s domain name. Dependent on name. Dependent on ACSACS provides ,it is possible to specify a bank provides ,it is possible to specify a bank owned domain name for the use by the owned domain name for the use by the ACSACS..

Visa and MasterCard don’t allow merchants for sending request to Visa and MasterCard don’t allow merchants for sending request to their server. So merchants isolate their servers by licensing their server. So merchants isolate their servers by licensing software providers which are called software providers which are called MPI (merchant plug in) MPI (merchant plug in) providers.providers.

11-04-2015 14Prepared by ACHINTYA KUMAR ROY

11-04-2015 15Prepared by ACHINTYA KUMAR ROY

To get 3D password you have to register yourself with To get 3D password you have to register yourself with your bank before shopping. It has 2 steps.your bank before shopping. It has 2 steps.

11-04-2015 16Prepared by ACHINTYA KUMAR ROY

11-04-2015 17Prepared by ACHINTYA KUMAR ROY

Step 1Step 1

11-04-2015 18Prepared by ACHINTYA KUMAR ROY

Step 2Step 2

11-04-2015 19Prepared by ACHINTYA KUMAR ROY

Reduction in “ Unauthorized transactions” Reduction in “ Unauthorized transactions” CHARGECHARGE BACKBACK..

More More securitysecurity and and reliabilityreliability..

More security means more of the customers ,more More security means more of the customers ,more transactions which ultimately means more profit.transactions which ultimately means more profit.

11-04-2015 20Prepared by ACHINTYA KUMAR ROY

Decreased Risk of Fraud for Online Payments.Decreased Risk of Fraud for Online Payments. Better Password Security.Better Password Security. Better Online Shopping Experience.Better Online Shopping Experience.

11-04-2015 21Prepared by ACHINTYA KUMAR ROY

For the Merchant it can be too expensive because in purchasing Software , monthly fee , setup fee , per transaction fee so Customer has also face these expenses .

There may be more phishing attacks with unfamiliar domains because of vendor’s MCS and outsourced ACS implementations by issuing banks.

11-04-2015 22Prepared by ACHINTYA KUMAR ROY

It was officially launched in It was officially launched in 2007 2007 and now most of the banks are working and now most of the banks are working with this.with this.

ICICI ICICI and more banks are working on implementing on 3D secure.and more banks are working on implementing on 3D secure.

As now more than 100 vendors are developing 3D secure.As now more than 100 vendors are developing 3D secure.

Current version 1.0.2 Current version 1.0.2 is running with high performance.is running with high performance.

11-04-2015 23Prepared by ACHINTYA KUMAR ROY

11-04-2015 24Prepared by ACHINTYA KUMAR ROY

• www.wekipedia .org .org

• www.google.com

• www.authorstream.com

• www.ijesit.com

2511-04-2015Prepared by ACHINTYA KUMAR ROY

11-04-2015 26Prepared by ACHINTYA KUMAR ROY