How to simplify the verification of a bank card holder for online payments?
Compare 3-D Secure and CheckCode (Payture).
Banking solutions: 3-D Secure (Verified by Visa, MasterCard SecureCode and JCB J / Secure).
The 3-D Secure technology, which is announced as additional protection against a card fraud for all participants in a transaction, ultimately shifts the responsibility to ordinary cardholders. If the purchase was made by a fraudster using 3DS, the cardholder will not be refunded. At the first stage, it is necessary to enter card details (on the TSP or gateway side), at the second stage, the code of the issuing bank must enter a code (dynamic or static) confirming authorization. The security level of payments with 3DS is high, but does not provide a 100% guarantee. In addition, the payment process itself is complicated. The use of such technologies forces the buyer to move from page to page of different sites and has a bad effect on the conversion of online payments.
3DS is a user authentication protocol on the issuer's website that is needed to provide additional security for online payments by credit card. The protocol was developed for the international payment system VISA, then services based on it were implemented by MasterCard, American Express and JCB International.
')
Non-bank solutions: CheckCode.
When conducting a financial transaction in the online store there are only two main players - the online store itself (TSP) and the buyer. The rest (IPS, bank, payment gateway), who receive a percentage of the transaction, the main thing is to disclaim responsibility for fraud, since the profit from one transaction is tiny and the consequences can be serious. Therefore, our way of verifying the authenticity of the cardholder has been developed in accordance with the needs of our customers (online shopping) and simplifying their work with customers.
CheckCode is an authentication protocol that allows TSPs to verify the user independently of the ICS and banks, and does not require significant effort from the buyer when making a payment in the online store. The essence of the invention lies in the difference between the sent and received signal (alphanumeric code) during the interaction of the acquirer and issuer systems. If the signal sent and received match, cardholder authentication is considered successful. Otherwise, the card holder is considered unverified.
More details. At the first stage, the merchant shipping block a small amount on the card of the holder indicating in one of the fields of the authorization request - a dynamic code. For the code, the authorization request field is used, which will necessarily be included in the check and bank statement. As a result, the required verification code knows only the merchant cardholder and the card holder. The cardholder can find out the code via the Internet bank (mobile bank), via SMS alert or by calling the bank's support service (in any case, the cardholder must first log in to the Internet bank at least once). On the PTP page, the buyer is informed of the name of the field in which the code is located, and indicate the place where it should be entered. To verify the authenticity of the cardholder, the merchant compares the sent and entered code.
The main conditions of the protocol:
Banking solutions: 3-D Secure (Verified by Visa, MasterCard SecureCode and JCB J / Secure).
The 3-D Secure technology, which is announced as additional protection against a card fraud for all participants in a transaction, ultimately shifts the responsibility to ordinary cardholders. If the purchase was made by a fraudster using 3DS, the cardholder will not be refunded. At the first stage, it is necessary to enter card details (on the TSP or gateway side), at the second stage, the code of the issuing bank must enter a code (dynamic or static) confirming authorization. The security level of payments with 3DS is high, but does not provide a 100% guarantee. In addition, the payment process itself is complicated. The use of such technologies forces the buyer to move from page to page of different sites and has a bad effect on the conversion of online payments.
3DS is a user authentication protocol on the issuer's website that is needed to provide additional security for online payments by credit card. The protocol was developed for the international payment system VISA, then services based on it were implemented by MasterCard, American Express and JCB International.
')
Non-bank solutions: CheckCode.
When conducting a financial transaction in the online store there are only two main players - the online store itself (TSP) and the buyer. The rest (IPS, bank, payment gateway), who receive a percentage of the transaction, the main thing is to disclaim responsibility for fraud, since the profit from one transaction is tiny and the consequences can be serious. Therefore, our way of verifying the authenticity of the cardholder has been developed in accordance with the needs of our customers (online shopping) and simplifying their work with customers.
CheckCode is an authentication protocol that allows TSPs to verify the user independently of the ICS and banks, and does not require significant effort from the buyer when making a payment in the online store. The essence of the invention lies in the difference between the sent and received signal (alphanumeric code) during the interaction of the acquirer and issuer systems. If the signal sent and received match, cardholder authentication is considered successful. Otherwise, the card holder is considered unverified.
More details. At the first stage, the merchant shipping block a small amount on the card of the holder indicating in one of the fields of the authorization request - a dynamic code. For the code, the authorization request field is used, which will necessarily be included in the check and bank statement. As a result, the required verification code knows only the merchant cardholder and the card holder. The cardholder can find out the code via the Internet bank (mobile bank), via SMS alert or by calling the bank's support service (in any case, the cardholder must first log in to the Internet bank at least once). On the PTP page, the buyer is informed of the name of the field in which the code is located, and indicate the place where it should be entered. To verify the authenticity of the cardholder, the merchant compares the sent and entered code.
The main conditions of the protocol:
- check is carried out in real time until the moment of debit
- verification is carried out using the available features of the IPU and banks
- TSP can check the cardholder of any bank, any country and regardless of the currency of payment (country / account)
- uses the functionality of automatic notification by the issuer of the holders of their cards
- the check does not require additional customer transitions between sites
- check does not require changes in the hardware and industrial complex of banks and IPU
Source: https://habr.com/ru/post/250729/
All Articles