Professional Documents
Culture Documents
Mark Patrick
Vice President - Interactive Services
MasterCard International MasterCard Proprietary
Guaranteed Payments
Increased Consumer
Confidence and Spending
Security in
Cross-Border Transactions
MasterCard Proprietary
chargeback disputes
Higher decline rates for online
transactions
Lessened revenue
Findings
As a result, merchant chargeback expenses for online
Purchase
*Source: INET Reports, 4th Quarter 2000
Introducing...
UCAF
SPA
Consumer Rationale
Secure is reassuring and strong.
Code is secret, private and stronger than password
8
Fully
Guaranteed Transactions
SecureCode
Objective
Proposal is to eliminate RC 37 Fraudulent Transaction -
10
MasterCard
SecureCode Components
Universal Cardholder
TM
Authentication Field (UCAF )
Objective:
12
13
hidden fields:
14
UCAF Enabled
UCAF Brand
15
authentication data
Acquirer systems collect and pass UCAF data
Issuer
UCAF data
(unaltered)
Merchant
UCAF data
(unaltered)
16
Merchant
Present,
Collect,
Pass
Issuer
Acquirer
Merchant Name
Card Acceptor City
Card Acceptor State/Country Code
Currency Code
Sale Amount
MTS (optional)
UCAF Authentication Data Field
Account Number
Expiration Date
CVC2
UCAF Enabled
UCAF Brand
Issuer-Defined
Security Token carried via
UCAF Authentication Data Field
Merchant Responsibilities
Update website to include UCAF hidden data fields
Evaluate server capabilities
Contact your transaction processor
18
19
MasterCard SPA
Using the UCAF Infrastructure
What is SPA?
Secure Payment Application
MasterCards preferred issuer-based security scheme for
remote transactions
Utilizes the UCAF data transport infrastructure to
21
What is SPA?
SPA defines the protocols, messages, message formats, and data
22
23
UCAF Environment
Merchant
4) Accountholder is verified by
Issuer SPA server
Acquirer
-Generate and store AAV data
-Validate AAV during
authorization
SPA Server
*********
MasterCard
Solutions for Issuer and Acquirers
27
29
30
Cardholder Applet
ActiveAccess
SPA Module
Maestro Module
Cardholder Browser
Cardholder Mobile
Device
Cardholder Plug-in
(Chip)
31
AAV
Verification
Module
Issuers
Datacenter
HSM
Issuer
Authorization
Host
Issuers
Existing Card
Management
System
MIP/
VAP
MIP/
VAP
BankNet/VisaNet
Acquirer
Host/ Switch/
Gateway
Cardholder
Data
Internet Payment
Gateway
Batch
Data Upload
Module
MasterCard
APC
Cardholder
Authentication
Data
Issuer
Administration
and Registration
SPA Applet
Download
Download Server
Cardholder
Cardholder
Enrollment
Enrollment
Visa Directory
Server
HSM
Enrollment
Browser
Enrollment/ Download
Merchant Web
Storefront
UCAF
MPI
Browser
SPA Applet
Shopping
MIGS Architecture
Merchant/Enterprise/
Portal Server(s)
- E-commerce
- M-commerce
- T-commerce
Call Center
- Telesales
- IVR
Electronic Bill
Presentment
Business Systems
- ERP
- CRM
E-Procurement
Portal
Online Store
MIGS
Authenticated
with Digital
Certificate
Internet
&
Private
Digital Receipt (DR)
Subsequent Transactions
- Capture / Refund
- Reconciliation
- Enquiries & Reports
BANKNET
Merchant
Administration
and Reporting
Banks
and
Card
Schemes
MIGS
Paymen
t Server
RSC
Acquirer
2
1
4
3
Issuer
Cardholder
36
MasterCard
Guaranteed Payment Milestones
Implementation Timeline
1 April 2002
1 April 2003