Card Payments Authentication Flashcards

1
Q

Card Present Authentication

A
  1. A PIN or signature is used to authenticate transactions (elements known by the cardholder)
  2. CVV1
    - A static card verification value is also used to authenticate magstripe transactions
    - Cardholders do not need to be aware of the CVV1
    - By verifying that the CVV1 code matches the one associated with the card, the issuer can confirm that the card is likely in the possession of the legitimate cardholder at the time of the transaction
  3. iCVV (CVV3)
    - Is also used in conjunction with PIN or signature to authenticate EMV chip card transactions
    - The iCVV changes with each transaction, making it more difficult for fraudsters to replicate or steal
    - Since the iCVV is generated by the chip during the transaction process and is not printed on the card, it is not visible to the cardholder
2
Q

Card Not Present Authentication

A

“The PAN, cardholder name, and expiry date must be supplied by the cardholder to make a remote card payment transaction”

  • A different, static card verification value, the CVV2 (printed on the card), is used to authenticate CNP payments. This is the only card verification value that cardholders know, and it is there to demonstrate to the issuer that the card is in the possession of the cardholder
  • Merchants may elect to use additional security features (Address Verification Service). The issuer will return a response and the merchant ultimately decides in line with their risk appetite
3
Q

3D Secure

A

“Is to e-commerce transactions what EMV chips are to CP transactions”

“With 3D Secure authentication, there are additional steps, for example a pop-up box presented to the cardholder's screen asking for further authentication”

  • This enables the issuer to further ascertain that the genuine cardholder is performing the transaction
  • It also helps merchants reduce chargebacks
4
Q

3D Secure 2.2 Features

A
  • Allows for whitelisting
  • Allows merchants to authenticate payments without customer intervention (recurring, subscription)
  • Decoupled Authentication (deferred for a period of time)
  • Delegated Authentication (when authentication is performed by an eligible third party other than the issuer)
5
Q

3D Secure Whitelisting

A

Whitelisting in 3DS allows cardholders to create a list of trusted merchants or transactions that are exempted from the additional authentication process

6
Q

What the merchant needs to do to deploy 3D Secure

A
  • They need the 3D Secure Server
  • Provided by the PSP

This functionality provides the bridge between the cardholder (e.g. a pop-up window) and the acquirer during the authorisation process

7
Q

Decoupled Authentication

A
  • Cardholder authentication happens outside of their payment interaction at a different time
  • Merchants can set a time limit (one minute, a week) for the cardholder to complete the authentication process
8
Q

Delegated Authentication

A
  • Issuers can delegate the authentication process to a third party (acquirer, wallet provider)
  • For example, if a merchant can perform the cardholder authentication through a card-scheme-approved method, information can be passed on to the issuer to confirm the cardholder’s identity, and there will be no need for the issuer to authenticate
  • This means a lot less friction for cardholders (e.g. one-click-payments)
9
Q

AVS

A
  • Address Verification Service

“Verify that the billing address supplied by the cardholder matches that which the issuer has on record for that card”

  • The issuer will return a single-letter code to the merchant (full match, partial match)
  • This does not change the issuer's authorization decision
  • The merchant ultimately decides, in line with their risk appetite, to proceed with or reject the transaction

Merchants would use this facility as part of a multi-layered fraud prevention strategy, as it helps minimise chargebacks

10
Q

Adyen - 2 Ways For 3DS

A
  1. Native
    - The card issuer performs the authentication within your website or mobile app using passive, biometric and two-factor authentication approaches
  2. Redirect
    - Shoppers are redirected to the card issuer's site to provide additional authentication data, for example a password or an SMS. The redirect might lead to lower conversion rates due to technical errors during the redirect, or shoppers dropping out of the authentication flow
11
Q

Frictionless Flow

A

In a frictionless flow, the acquirer, issuer, and card scheme exchange all necessary information in the background through passive authentication using the shopper’s device fingerprint. The transaction is completed without further shopper interaction

12
Q

Challenge Flow

A

In a challenge flow, the issuer requires additional shopper interaction, either through biometrics, two-factor authentication, or similar methods
