-->

Thursday, 28 June 2012

E-MONEY AND SECURITY


With the advancement in technology and the increasing internet culture has made online shopping an attractive option for many internet users. But the fear of being cheated and fraud is on their minds, are the online transactions safe, will the product delivered will be the same they have seen, and many other questions.

The answer to all these questions is yes. If the site is genuine and the payment gateway tied up with that site is genuine then definitely your transactions are safe. All the transactions are safe because of encryption i.e. your username, password, merchant details, payment to be provided, pin numbers etc. all are in the highly encrypted manner and no intruder can have access to that information.

MasterCard has started MasterCard Online Authentication Service (OAS) that meets the needs of all e-commerce participants by offering flexible and robust solutions for online payment authentication. MasterCard provides high level of authentication to the user. There are choices of different types of authentication at different levels of security like:

Static password: In this most basic approach the cardholder is typically allowed to create his/her own personal password on the hosted, issuer-branded web site, after answering several enrollment questions. Cardholders may also “Activate-during-shopping” at participating merchants.

Dynamic password Via SMS Text message: Cardholder portfolios with high levels of mobile phone penetration are also candidates for this solution which delivers a dynamic password to the purchasing cardholder on a just-in-time basis. The MasterCard service can generate the one-time-password and route the SMS text message to the cardholder on behalf of the issuer, or send the message to the bank to handle with their SMS carrier.

Chip Authentication program (CAP) & AA4C

HOW IT WORKS


 
1. A cardholder submits an order at a participating online merchant.

2. The merchant sends a request to the MasterCard directory server to determine if the cardholder participates in the SecureCode program. The MasterCard directory subsequently forwards this request to the Hosted Service Access Control Server (ACS) to determine cardholder status. The enrollment response is returned to the merchant.

3. If the cardholder is participating in SecureCode, the merchant sends a request to the Hosted Service ACS to perform the actual cardholder authentication. Upon receipt of this request, the ACS will populate an issuer-branded authentication page, which is displayed to the cardholder within the merchant window. This page prompts the cardholder to submit their private SecureCode, which is then validated by the ACS.

4. The Hosted Service ACS sends a digitally signed response which contains the Accountholder Authentication Value (AAV)—back to the merchant indicating a successful cardholder verification session.

5. The merchant sends an authorization request that includes an AAV to the acquirer.

6. The acquirer sends the authorization request through the MasterCard authorization network. This authorization request will contain distinctive information about the SecureCode status of the transaction. A fully authenticated transaction will contain an AAV in the Universal Cardholder Authentication Field (UCAFTM).

7. The authorization request is sent by the MasterCard authorization network to the issuer for processing.

8. The authorization response is returned to the merchant and the purchase process is complete.

No comments:

Post a Comment