20 July 2018
Frictionless Fraud Prevention
Sadra Boutorabi

Sadra Boutorabi - GPayments


Standards Forum

The Standards Forum is the place where business and standardisation meet. This group would like to facilitate and encourage dialogue around standardisation in the financial industry, and share views, insights and updates on how financial standards can contribute to reducing cost and increasing efficiency when tackling today's challenges such as automation, compliance, and regulation.

PCI Compliance and 3D Secure 2

02 May 2018

Serious efforts have been made to combat the ever-increasing levels of card-not-present (CNP) fraud, which has jumped to record levels (around $14.2 billion annually) in recent years. Anyone who uses a credit card, consumers and vendors alike, is a potential target for this threat.

To maximize protection and increase consumer confidence in online payments, the new 3-D Secure 2 protocol has been developed, along with various machine learning and biometrics algorithms. This protocol has been designed to fit within new standards set by the PCI SSC (Payment Card Industry Security Standards Council). These supporting standards are explained in three new documents:

  • The PCI 3DS Core Security Standard is the main document. It provides specifications and defines security measures for data types, transaction processes, and environments. Since environments can vary between merchants and issuers, these specifications treat transaction environments as a general overview.
  • The PCI 3DS Data Matrix categorizes the various data types used within 3D Secure transactions and is used to determine whether the data is valid or not. The two main categories are 3DS Sensitive Data and 3DS Cryptographic Keys.
  • PCI 3DS SDK ensures that any mobile application that uses 3DS meets pre-defined security standards.

These documents can be viewed on the PCI website.

The new PCI standards apply to and support the three domains that make up the 3DS protocol:

  • The Merchant/Acquirer Domain (3DS Server), where the bank or the merchant handles payment requests and other interactions in the requesting environment.
  • The Interoperability Domain (3DS Directory Server), where the credit card company supporting 3DS authenticates, validates, routes, and maintains data flow between server entities.
  • The Issuer Domain (3DS Access Control Server) is managed by the bank issuing the card, and determines whether or not authentication is available for a specific card.

Since the main purpose of the new PCI Security Standards and 3DS protocol is to prevent fraudulent transactions by online criminals, the various functionalities are designed to specifically address the continually changing marketplace and rapidly increasing threat levels.

