With
the advancement in technology and the increasing internet culture has made
online shopping an attractive option for many internet users. But the fear of
being cheated and fraud is on their minds, are the online transactions safe,
will the product delivered will be the same they have seen, and many other questions.
The
answer to all these questions is yes. If the site is genuine and the payment
gateway tied up with that site is genuine then definitely your transactions are
safe. All the transactions are safe because of encryption i.e. your username,
password, merchant details, payment to be provided, pin numbers etc. all are in
the highly encrypted manner and no intruder can have access to that
information.
MasterCard
has started MasterCard Online Authentication Service (OAS) that meets the needs
of all e-commerce participants by offering flexible and robust solutions for
online payment authentication. MasterCard provides high level of authentication
to the user. There are choices of different types of authentication at
different levels of security like:
Static
password: In this most basic approach the cardholder is
typically allowed to create his/her own personal password on the hosted,
issuer-branded web site, after answering several enrollment questions.
Cardholders may also “Activate-during-shopping” at participating merchants.
Dynamic
password Via SMS Text message: Cardholder portfolios
with high levels of mobile phone penetration are also candidates for this solution
which delivers a dynamic password to the purchasing cardholder on a just-in-time
basis. The MasterCard service can generate the one-time-password and route the
SMS text message to the cardholder on behalf of the issuer, or send the message
to the bank to handle with their SMS carrier.
Chip
Authentication program (CAP) & AA4C
HOW
IT WORKS
1.
A cardholder submits an order at a participating online merchant.
2.
The merchant sends a request to the MasterCard directory server to determine if
the cardholder participates in the SecureCode program. The MasterCard directory
subsequently forwards this request to the Hosted Service Access Control Server
(ACS) to determine cardholder status. The enrollment response is returned to
the merchant.
3.
If the cardholder is participating in SecureCode, the merchant sends a request
to the Hosted Service ACS to perform the actual cardholder authentication. Upon
receipt of this request, the ACS will populate an issuer-branded authentication
page, which is displayed to the cardholder within the merchant window. This
page prompts the cardholder to submit their private SecureCode, which is then
validated by the ACS.
4.
The Hosted Service ACS sends a digitally signed response which contains the
Accountholder Authentication Value (AAV)—back to the merchant indicating a
successful cardholder verification session.
5.
The merchant sends an authorization request that includes an AAV to the
acquirer.
6.
The acquirer sends the authorization request through the MasterCard
authorization network. This authorization request will contain distinctive information
about the SecureCode status of the transaction. A fully authenticated
transaction will contain an AAV in the Universal Cardholder Authentication
Field (UCAFTM).
7.
The authorization request is sent by the MasterCard authorization network to
the issuer for processing.
8. The authorization
response is returned to the merchant and the purchase process is complete.