Table of Contents
- How does Payer Auth work
- What are the benefits
- The path of a transaction
- Why Payer Auth requires a website
What is Payer Authentication?
Payer Authentication is our 3D Secure (Verified by Visa, MasterCard Secure Card) service.
Payer Authentication, also known as Verified by Visa (VbV) and MasterCard SecureCode, are security protocols developed by Visa and MasterCard that allow consumers to shop online more securely. Visa and MasterCard also give back to eCommerce businesses that enable these programs by providing chargeback protection and lower interchange rates.
Setup and Technical Notes:
Please check the Processor Matrix (Click on "Processors" on the left side of the Partner Menu) for a full list of processors that can be used with this service. Click on the "Payer Auth" column to bring them to the top.
- We need the merchant's website address (URL) and the Acquiring Bank to enroll a merchant.
- 3D Secure is only available for eCommerce merchants. It cannot be used for retail or MOTO transactions.
- To use our Payer Authentication service, the merchant must use the Three Step Redirect or QuickClick - Button Generator, Build a Button. Both of these options allow us to redirect the customer into the payer authentication service.
- Most shopping carts, CRMs, and other software solutions use the "Direct Post" to connect to us - so third party software solutions may not be able to take advantage of Payer Authentication. The Direct Post API doesn't connect the customer directly to the gateway at any point, so the customer remains on the merchant's website for the duration of the transaction. We are unable to redirect them in this scenario.
- There are some third party shopping carts that offer their own Payer Authentication services. We do have variables available in our Direct Post API to pass the additional data elements through. The merchant needs to be on a supported processor, but they do not need to have the "Payer Authentication" service set up in this scenario.
How does Verified by Visa and MasterCard SecureCode work?
Cardholders can sign up with their bank to create a password (or ‘secure code’) and assign it to their credit card. During checkout, the Customer is prompted to enter their password and the cardholder’s identity can then be confirmed by their Card Issuing bank. The Card Issuer provides additional data elements to confirm the cardholder’s identity. The data elements are amended to the authorization and settlement messages, thus providing the proper benefits of VbV/MCSC.
What are the benefits of Verified by Visa and Mastercard SecureCode?
With the programs, Visa and MasterCard aim to increase consumer confidence in online shopping and reduce fraud. To encourage 3D Secure adoption, Visa and MasterCard offer significant merchant benefits including:
- Fraudulent chargeback protection (per the rules of Visa and MasterCard)
- Interchange discounts averaging 20 basis points
- Dramatic reduction in the fraud screening costs and manual review
- Higher AOV (Average Order Value); secure, confident customers spend more
- Free and automatic platform upgrades
- Expand internationally, risk-free
- Consumer brand loyalty and security
What is the path of a Payer Authentication transaction?
Transactions from your system are routed to both the card associations, as well as the banking authentication networks via an Internet connection through the Payment Gateway. This authentication information can be accessed in real-time through the gateway's comprehensive reporting system, allowing you to easily identify authenticated transactions and recognize fraudulent ones. Enabling authentication does not interrupt the current authorization process.
During checkout, information about the cardholder is directed to the appropriate card association to check their program enrollment status.
If the cardholder is enrolled, an authentication form will be displayed by the cardholder’s bank. This form will collect the password and the bank will validate if it is correct.
Results of authentication are returned in less than one second. The results, new data elements, are proof that the merchant authenticated or attempted to authenticate the cardholder.
- The transaction is then sent for authorization through typical processes and channels. The new data elements (ECI and CAVV) are also submitted during the authorization request, thus providing the appropriate benefits associated with VbV and MCSC.
Why do I need a website in order to use Payer Authentication?
It provides verification to the consumer that the website they've been redirected to is associated with the merchant they're making the purchase from and it's not some phishing attempt.
It's unusual for an eCommerce merchant not to have a website. They might want to consider using a free website builder with basic information on it. That way they may generate some business if someone finds it.