3DS Authentication Protocol

Jun 4, 2024

Introduction

  • Common Misconception: 3DS is often thought of in the context of 3D movies.
  • Reality: 3DS is a secure authentication protocol designed to prevent fraud in online transactions.

Overview

  • Purpose: Help merchants prevent fraud in card-not-present (CNP) transactions.

Key Components

  1. 3DS Server: Gathers transaction details and metadata.
  2. 3DS Directory Server: Routes the authentication to the correct issuer.
  3. Access Control Server (ACS): Managed by the issuer, responsible for risk analysis.

How It Works

  1. Initiation: You make a purchase online or via mobile.
  2. Data Collection: Transaction details and metadata (e.g., card number) are collected and sent to 3DS components.
  3. Mutual Authentication: Occurs between the 3DS Server and the Directory Server to establish trust.
  4. Routing: The Directory Server routes the data to the appropriate issuer via the ACS.
  5. Risk Analysis: The ACS evaluates the risk based on metadata (location, time, transaction history, etc.).

Decision Process

  • Low Risk: If the risk is deemed low, the transaction is confirmed.
  • High Risk: If the risk is deemed high, a challenge (e.g., PIN or security question) is sent to complete the authentication.
  • Failure: If authentication fails, the transaction is denied.
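
The decision process above, sketched as an added example (not part of the original notes and not any issuer's actual logic): a toy ACS that scores the metadata and returns one of the three outcomes, denying by default when a required challenge is missing or wrong. The field names, weights and threshold are constructed assumptions.

```python
import hmac
from dataclasses import dataclass

# Constructed, illustrative threshold; real issuers use their own risk models.
CHALLENGE_THRESHOLD = 50

@dataclass
class AuthRequest:
    card_country: str      # country where the card was issued
    ip_country: str        # country inferred from the shopper's connection
    hour_utc: int          # hour of day the purchase was made
    amount: float          # purchase amount
    typical_amount: float  # cardholder's usual spend, from transaction history
    known_device: bool     # device seen before for this card

def risk_score(req: AuthRequest) -> int:
    """Score the metadata the notes list: location, time, transaction history."""
    score = 0
    if req.card_country != req.ip_country:
        score += 40  # location mismatch
    if req.hour_utc < 5:
        score += 10  # unusual time of day
    if req.amount > 3 * req.typical_amount:
        score += 30  # out of line with transaction history
    if not req.known_device:
        score += 20
    return score

def authenticate(req, expected_answer=None, submitted_answer=None):
    """Return (outcome, path) for one authentication request."""
    if risk_score(req) < CHALLENGE_THRESHOLD:
        # Low risk: confirmed without involving the cardholder.
        return "confirmed", "frictionless"
    # High risk: a challenge is required, and anything short of a
    # correct answer fails closed.
    if expected_answer is None or submitted_answer is None:
        return "denied", "challenge"
    # Constant-time comparison avoids leaking how much of the answer matched.
    ok = hmac.compare_digest(expected_answer.encode(), submitted_answer.encode())
    return ("confirmed" if ok else "denied"), "challenge"
```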

Benefits

  • Fraud Prevention: Multiple data elements and mutual authentication help secure CNP transactions.

Questions & Support

  • Contact Information: Reach out for more details or specific questions on how 3DS can benefit your organization.