Online transaction with 3D Secure

Sachith Fernando - Jul 23 '20 - - Dev Community

These days, Online transaction is a very popular topic because a lot of people mainly buy and sell their items online. But, Lot of people don't know how that transaction network happens. Therefore, they don't know how to prevent frauds in online credit and debit card transactions. There is an additional security layer to do it.

3-D Secure is an XML-based protocol that provides an additional security layer for online credit and debit card transactions.

To explain how 3D Secure works we will compare a regular, non-3D Secure credit card payment with a 3D Secure credit card payment.

Non-3D Secure Payment:

There are 4 primary parties involved in a regular credit card transaction:

  • The cardholder - The person shopping online who has the credit card details
  • Merchant - The "gateway" of the online merchant from whom the cardholder is purchasing
  • The acquiring bank - Merchant's acquiring bank through which we process credit card payments
  • The issuing bank - The bank who issued the cardholder with their credit card

In a regular credit card transaction without 3D Secure, the (simplified) process flow is as follows:

  1. The cardholder enters their card information (16 digit card number, expiry date etc.) on Merchant
  2. Merchant submits the data to our acquiring bank
  3. Our acquiring bank authorises the transaction (by communicating with the credit card network and issuing bank)
  4. The response (success or failure) is passed back up the chain to the cardholder

In this flowchart PayFast is the merchant

3D Secure Payment:

With 3D Secure, a number of additional steps are added to the credit card process with the aim of authenticating the cardholder performing the transaction.

A (very simplified) 3D Secure process is as follows:

In this flowchart PayFast is the merchant
  1. The cardholder enters their card information (16 digit card number, expiry date etc.) on Merchant
  2. Merchant contacts a directory server to see whether the card is enrolled in 3D Secure
  3. The directory server responds with a message indicating that the card is registered
  4. Merchant uses the message to redirect the cardholder to a "3D Secure" page served by the issuing bank
  5. The cardholder authenticates themselves to the issuing bank on the 3D Secure page by entering an OTP (One Time Pin) or known password etc.
  6. The result of this authentication is returned to Merchant.
  7. The merchant submits the card information and the 3D Secure authentication result to our acquiring bank
  8. Our acquiring bank authorises the transaction (by communicating with the credit card network and issuing bank)
  9. The response (success or failure) is passed back up the chain to the cardholder.

Note: There are additional authentication and authorization process in this scenario. That is very important thing in the 3D secure.

. . . . . . . . . . .
Terabox Video Player