1. Seminar on
3-D secure password

2. 3-D Secure
Password

3.  It is an E-Commerce Application for
payment System.
 To know about the 3-D Secure password we
need to know about 3-D and then 3-D Secure.
 3-D Stands for Three Domains here.
 3-D Secure is XML Based Protocol to
implement the better security to the Credit
and Debit card Transactions.
 So The Password formed by 3-D Secure
Protocol is called 3-D Secure Password.

4.  Three Domains Consist of Three Type of
Domains.
 The Very First is Acquirer Domain. (The
Merchant and The Bank to which money is
being paid).
 The Second is Issuer Domain.(The Bank
which issued the card being used)
 And Last but certainly not the least is
Interoperability Domain.(The Infrastructure
provided by the credit card scheme to
support the 3-D Secure Protocol)

5.  It was very firstly developed by the company
“VISA” and gave the name “Verified by Visa”
(VBV) .
 Now it is also adopted by the company
“Master Card” and gave the name “Master
Card Secure Code” (MCSC).
 It is also being used by the company “JCB
International” and gave name “J/Secure”

6.  CUSTOMER
 MERCHANT
 BANK
 INFRASTRUCTURE
 SERVICE OR PRODUCT

7.  Basically 3-D Secure Password is used to
provide the better security to the Customers
for Transactions in the Online Payment
System.
 For Online Purchasing mostly we have to pay
Digital Cash so we have to deal online then it
includes Bank, Merchant and Customer .
So there is requirement of security from
Fraud and Money Theft.
 It is being used for removing the Risk over
the Internet so that customer can feel free in
doing Online Transactions.

8.  This protocol uses XML messages sent over SSL
connections with client authentication (this
ensures the authenticity of both peers, the
server and the client, using digital certificates).
 This is a one time process which takes place on
the card issuer's website and involves the
cardholder answering several security questions
to which only the card issuer and cardholder will
know the answer. The cardholder selects a
password and agrees on a secret phrase, which
will be used by the card issuer during each
online transaction.
 3D Secure can be thought of as an online version
of “Chip and Pin technology”.

9.  In order for a Visa or MasterCard member
bank to use the service, the bank has to
operate compliant software that supports the
latest protocol specifications. Once
compliant software is installed, the member
bank will perform product integration testing
with the payment system server before it
rolls out the system.
 3-D Secure Components
ACS Providers MPI Providers
(Access Control Server) (Merchant Plug-In)

10.  In 3-D Secure protocol, ACS (Access Control
Server) is on the issuer side (banks).
Currently, most banks outsource ACS to a
third party. Commonly, the buyer's web
browser shows the domain name of the ACS
provider, rather than banks' domain name,
however this is not required by the protocol.
Dependent on the ACS provider, it is possible
to specify a bank owned domain name for
use by the ACS.

11.  Each 3-D secure transaction involves two
simple internet request/response pairs:
VEReq/VERes and PAReq/PARes. Visa and
MasterCard don't license merchants for
sending requests to their servers. They
isolate their servers by licensing software
providers which are called MPI (Merchant
Plug-In) providers.

12. Transactions flow
Achieve
Security
Using 3-D
secure
password
Implementation
of 3-D secure
password
Time spent

13. REGISTER YOURSELF WITH THE
1 BANK BEFORE SHOPPING.
DON’T ENTER A PASSWORD TO
2 THE POP Ups.
BANK MUST PROVIDE THE
3 CUSTOMER THE INLINE
FRAME(IFRAME).

14. This implementation curve may be like this……

15.  Reduction in “Unauthorized Transactions”
CHARGE BACK.
 More Security and Reliability.
 More Security means more of the Customers
more if Transactions which is beneficial.
 Authentication

16.  Decreased Risk of Fraud for Online Payment.
 Better Password Security.
 Better Online Shopping and Payments
System.

17.  For the Merchant It can be too expensive
because in Purchasing Software, Monthly
Fee, Setup Fee, Per Transactions Fee so
customer has to also face these Expenses.
 There may be more phishing attacks with
unfamiliar domains because of Vendor’s MCS
and Out Sourced ACS Implementations by
issuing banks.

18.  It was officially launched in 2007 and now
most of the banks are working with this.
 ICICI and more Banks are working on
implementing on 3-D Secure.
 As Now more than 100 vendors are
developing 3-D Secure.
 Current Version 1.0.2 is running with high
Performance.

19.  Please ask Queries

20.  Thank you