Entersekt ACS
Access Control Server
In this section: Entersekt Products Mobile Certificates ITA Secure Browser Entersekt ACS
Entersekt Access Control Server
Once a card purchase is sent through to the Entersekt ACS, the message containing the transaction details are relayed instantly to the customer's mobile device. The customer can then choose to either "Accept", or "Reject" the purchase. The response is sent back to the issuing bank, and relayed to the merchant using the 3-D Secure infrastructure.
Credit Card Fraud
Credit cards continue to be the easiest and most convenient way to shop online. A passport to international purchases, cards provide a one-click payment solution, allowing funds to move around the globe. This has fuelled and facilitated the e-Commerce revolution and will in all likelihood continue to be the way we pay online for many years to come.
The simplicity of the solution has allowed fraudsters to cash in on the anonymity of the Internet. All that is required is access to a few details on the credit card, all available in plain sight, to enable fraudulent online transactions.
For the wrong reasons, consumers are wary of disclosing credit card details on the Internet: Interception of credit card details between a consumer and a merchant is unlikely, but capturing the details on the consumer's PC, through malware, is far easier.
Card Transaction Security Standards
Internet credit card transactions are traditionally unprotected by an additional security layer, such as a Personal Identification Code, which exposes it to abuse. It is impossible to verify that the customer supplying the credit card detail is in fact the rightful owner of the card, plus, there is no signed transaction record, as with traditional over-the-counter purchases. Consequently, the credit card associations have devised the 3-D Secure standard mandating an additional security barrier prior to authorisation of an online transaction. The associations did not dictate the specific security barrier and implementation has generally simply enforced a username and password to protect the card from unauthorized use.
Compliance with the security standards devised by the card industry has necessitated the purchase of additional software by the card issuer, in order to handle these transactions. Although there is a subtle difference between the individual implementations of the 3-D Secure protocol by Visa (Verified-by-Visa), MasterCard (SecureCode), American Express (SafeKey) and JCB (J/Secure), they effectively all follow the same specifications. The software required to enable this technology, is collectively being referred to as an Access Control Server. Any online transaction request is relayed to this server before concluding the transaction - it is the function of ACS to validate that the customer attempting the purchase is the rightful owner of the card.
The modes of authentication supported by the ACS are extremely flexible as it is built to be combined with ITA to facilitate a complete solution out of the box.
The ACS can be configured to prompt the customer for transaction verification using any one of the following mechanisms:
- Digitally signed response from ITA application on mobile handset
- Bi-directional SMS response
- OTP delivered over SMS
Solution
Entersekt ITA
Entersekt's Interactive Transaction Authentication uniquely provides cryptographically secure, out-of-band, two-factor authentication, prompting the user on his paired mobile phone with the details of a transaction about to take place. The user is then required to Accept or Reject this transaction.
Entersekt automatically issues the user's mobile phone a signed digital certificate which is used to uniquely authenticate that user. This conclusively identifies the cellular phone - without using the mobile number assigned by the carrier. When the user receives a transaction request on his phone (through ITA), and actions it, the response is digitally signed with the unique private key of the user and sent through the data channel to the ITA server at the issuer for validation.
Entersekt's ITA can either operate as a fully-fledged ACS for Visa, MasterCard and American Express by fully adhering to the standards set forth, without any additional solution, or operate in slave mode, providing the authentication module for use with any of the other authentication products available in the market.
