412
Agenda
Overview
How it works
Verified by Visa
MasterCard SecureCode
E-Commerce Authentication
Overview
Overview
Verified by Visa
Verified by Visa (also known as 3-D Secure) is a product that allows password information to
be used to confirm the identity of the cardholder. The merchants plug-in software facilitates
the password validation between the cardholder and the issuer during on-line transactions. In
addition to fraud prevention and interchange benefits, VbV provides participating e-commerce
merchants with applicable chargeback protection and/or liability shift based on certain
authorization and settlement information.
MasterCard SecureCode
SecureCode is MasterCards global e-commerce security program for protecting confidential
cardholder data over the Internet. SecureCode uses MasterCards Universal Cardholder
Authentication Field (UCAF) to provide an enhanced payment guarantee to online merchants
by presenting, collecting, and passing cardholder authentication information. Using hidden
fields and merchant plug-in application that is integrated with a merchants web page, along
with authentication information generated by issuers, MasterCard Secure Code provides
explicit evidence of the cardholders involvement in a transaction. MasterCards SecureCode
provides participating e-commerce merchants with applicable chargeback protection based
on certain authorization and settlement information.
Overview
Participants:
Cardholder Participates by entering their password for the issuer to validate via the
merchants plug in software when making a purchase.
Merchant Participates in VbV and SecureCode, their plug-in software forwards the
cardholder account number to Visa or MasterCards card directory to identify the issuer.
The issuer determines cardholder participation and initiates the authentication prompt for
the cardholder to enter their unique password. The issuer performs authentication, and
the merchant receives the Visa CAVV or MasterCard AAV and provides it in the
authorization request.
Overview
Cardholder Authentication Definitions:
Approved Full Authentication
Cardholder, Issuer, and Merchant all participate
Cardholder properly entered their password
Issuer validated the password
Attempted Authentication
Merchant participates and the cardholder was not authenticated:
Issuer may or may not participate or
Cardholder does not participate or
Password was not entered or unable to be validated by issuer
Programs
Verified by Visa & MasterCard SecureCode
Verified by Visa
Real-time online payment authentication system that validates the customer is the owner of the
account presented for payment. When the cardholder is completing an on-line transaction and
the merchant participates in Verified by Visa, the cardholder is prompted to enter a password
that they created when they registered with their bank. The password is forwarded to the issuer
for confirmation. The Verified by Visa window disappears and if fully authenticated, the
cardholder resumes their transaction. If the password is not confirmed an error message will
appear. In the event the cardholder is not participating in VbV, an attempt to authenticate is
recorded.
Offers chargeback protection for dispute reason codes 75 and 83 when the merchant fully
authenticated or attempted to authenticate the transaction.
Excluded Merchants
4829
5967
6051
Non-Financial Institutions Foreign currency, Money Orders (Not Wire Transfer), Traveler Checks
7995
Betting; including Lottery Tickets, Casino gaming chips, Off-Track betting and Wagers at Race
Tracks
Note: Any merchant identified as High Risk for excessive or fraudulent chargebacks will also be excluded from the program.
Note: Commercial cards are excluded unless they are fully authenticated.
| 10
MasterCard SecureCode
Real-time on-line payment authentication environment that validates the customer is the owner of
the account presented for payment. When the cardholder is completing an on-line transaction,
and the merchant participates in SecureCode; Authentication is made to ensure the customer is
the authorized cardholder for the designated card.
This process takes place prior to the authorization request.
When the merchant participates in SecureCode, they have the ability to transport various types
of cardholder authentication data to the issuer which can be validated and authorized with a
defined response.
Full Authentication is received when a merchant attempts to obtain a valid SecureCode response
and the Issuer returns a positive reply. When the merchant attempts to obtain a valid
SecureCode response and the Issuer does not participate in SecureCode, the Authentication is
considered attempted.
MasterCard SecureCode
E-Commerce merchants who participate in the MasterCard SecureCode program are offered
chargeback protection for dispute reason codes 37 (No Cardholder Authorization Fraud) and
49 (Questionable Merchant Activity) and 63 (Cardholder Does Not Recognize Transaction)
when the transaction meets the following criteria:
E-Commerce Transaction
Authorization was obtained for the amount of the transaction AND:
Scenario
Full
Authentication
Received
Authentication
Attempted
| 12