Glossary
This page provides a list of terms relating to 3D Secure 2.
Term | Definition |
---|---|
3DS Client | The consumer-facing component allowing consumer interaction with the 3DS Requestor for initiation of the EMV 3-D Secure protocol. |
3DS Integrator | An EMV 3-D Secure participant that facilitates and integrates the 3DS Requestor Environment, and optionally facilitates integration between the Merchant and the Acquirer. |
3DS Requestor | The initiator of the EMV 3-D Secure Authentication Request. For example, this may be a merchant or a digital wallet requesting authentication within a purchase flow. |
3DS Requestor App | An App on a Consumer Device that can process a 3-D Secure transaction through the use of a 3DS SDK. The 3DS Requestor App is enabled through integration with the 3DS SDK. |
3DS Requestor Environment | The 3DS Requestor-controlled components (3DS Requestor App, 3DS SDK, and 3DS Server) are typically facilitated by the 3DS Integrator. Implementation of the 3DS Requestor Environment will vary as defined by the 3DS Integrator. |
3DS SDK | 3-D Secure Software Development Kit (SDK). A component that is incorporated into the 3DS Requestor App. The 3DS SDK performs functions related to 3-D Secure on behalf of the 3DS Server. |
3DS Server | Refers to the 3DS Integrator's server or systems that handle online transactions and facilitate communication between the 3DS Requestor and the DS. |
3-D Secure (3DS) | An e-commerce authentication protocol that enables the secure processing of payment, non-payment and account confirmation card transactions. |
Access Control Server (ACS) | A component that operates in the Issuer Domain, that verifies whether authentication is available for a card number and device type, and authenticates specific Cardholders. |
Authentication | In the context of 3-D Secure, the process of confirming that the person making an e-commerce transaction is entitled to use the payment card. |
Authentication Request (AReq) Message | An EMV 3-D Secure message sent by the 3DS Server via the DS to the ACS to initiate the authentication process. |
Authentication Response (ARes) Message | An EMV 3-D Secure message returned by the ACS via the DS in response to an Authentication Request message. |
Authentication Value (AV) | A cryptographic value generated by the ACS to provide a way, during authorisation processing, for the authorisation system to validate the integrity of the authentication result. The AV algorithm is defined by each Payment System. |
Authorisation | A process by which an Issuer, or a processor on the Issuer's behalf, approves a transaction for payment. |
Authorisation System | The systems and services through which a Payment System delivers online financial processing, authorisation, clearing, and settlement services to Issuers and Acquirers. |
Bank Identification Number (BIN) | The first six digits of a payment card account number that uniquely identifies the issuing financial institution. Also referred to as Issuer Identification Number (IIN) in ISO 7812. |
Base64 | Encoding applied to the Authentication Value data element as defined in RFC 2045. |
Base64url | Encoding applied to the 3DS Method Data, Device Information and the CReq/CRes messages as defined in RFC 7515. |
Card | In the EMVCo Core specification, synonymous with the account of a payment card. |
Cardholder | An individual to whom a card is issued or who is authorised to use that card. |
Challenge | The process where the ACS is in communication with the 3DS Client to obtain additional information through Cardholder interaction. |
Challenge Flow | A 3-D Secure flow that involves Cardholder interaction as defined in EMVCo Core Spec Section 2.5.2. |
Challenge Request (CReq) Message | An EMV 3-D Secure message sent by the 3DS SDK or 3DS Server where additional information is sent from the Cardholder to the ACS to support the authentication process. |
Challenge Response (CRes) | The ACS response to the CReq message. It can indicate the result of the Cardholder authentication or, in the case of an App-based model, also signal that further Cardholder interaction is required to complete the authentication. |
Consumer Device | Device used by a Cardholder such as a smartphone, laptop, or tablet that the Cardholder uses to conduct payment activities including authentication and purchase. |
Device Channel | Indicates the channel from which the transaction originated. Either: • App-based (01-APP) • Browser-based (02-BRW) • 3DS Requestor Initiated (03-3RI) |
Device Information | Data provided by the Consumer Device that is used in the authentication process. |
Directory Server (DS) | A server component operated in the Interoperability Domain; it performs a number of functions that include: authenticating the 3DS Server, routing messages between the 3DS Server and the ACS, and validating the 3DS Server, the 3DS SDK, and the 3DS Requestor. |
Directory Server Certificate Authority (DS CA) | A component that operates in the Interoperability Domain; generates and distributes selected digital certificates to components participating in 3-D Secure. Typically, the Payment System to which the DS is connected operates the CA. |
Directory Server ID (directoryServerID) | Registered Application Provider Identifier (RID) that is unique to the Payment System. RIDs are defined by the ISO 7816-5 standard. |
Electronic Commerce Indicator (ECI) | Payment System-specific value provided by the ACS to indicate the results of the attempt to authenticate the Cardholder. |
Frictionless | The process of authentication achieved without Cardholder interaction. |
Frictionless Flow | A 3-D Secure flow that does not involve Cardholder interaction as defined in EMVCo Core Spec Section 2.5.1. |
Merchant | Entity that contracts with an Acquirer to accept payment cards. Manages the online shopping experience with the Cardholder, obtains card number, and then transfers control to the 3DS Server, which conducts payment authentication. |
One-Time Passcode (OTP) | A passcode that is valid for only one login session or transaction, on a computer system or other digital device. |
Out-of-Band (OOB) | A Challenge activity that is completed outside of, but in parallel to, the 3-D Secure flow. The final Challenge Request is not used to carry the data to be checked by the ACS but signals only that the authentication has been completed. ACS authentication methods or implementations are not defined by the 3-D Secure specification. |
Registered Application Provider Identifier (RID) | Registered Application Provider Identifier (RID) is unique to a Payment System. RIDs are defined by the ISO 7816-5 standard and are issued by the ISO/IEC 7816-5 registration authority. RIDs are 5 bytes. |