Access control server (ACS)

Entersekt | Encyclopedia | Access control server (ACS)
What is an access control server (ACS)?

An access control server (ACS) is a component of the 3-D Secure authentication process that facilitates communication between the card issuer, the merchant, and the cardholder during online transactions. The ACS is part of the issuing bank’s authentication solutions, and its function is to verify the identity of cardholders and either challenge their transaction or provide a frictionless flow if the risk is low, to reduce digital banking fraud.

Why is an access control server needed for online banking?

Card not present (CNP) or online payments may offer more convenience for consumers, but they do come with additional risks. Fraudsters target online payments with fraud attacks like phishing, account takeover and man-in-the-middle attacks. To reduce these types of fraud, financial institutions need to know who is actually making the payment; their actual customer or a fraudster. An ACS helps FIs verify the identity of their customers to protect them and their banking platform.

How does an access control server prevent digital payment fraud?

During the 3-D Secure process, the ACS receives an authentication request when the cardholder initiates a payment. The ACS assesses the risk of each transaction and if it presents a minimal risk, the payment could be approved without any friction. If the risk is higher, the ACS will try to verify the cardholder’s identity though a one-time password, two-factor authentication or multi-factor authentication, for example. With this data, it makes a decision on whether it trusts the identity of the cardholder, approving the transaction, or flags it as suspicious and denies the transaction.

An access control server that leverages EMV 3-D Secure standards provides stronger security than one using 3DS 1.0. Instead of relying on easily hackable username and password authentication tools, EMV 3DS uses modern authentication methods, like biometrics, and shares more data points, enabling greater accuracy when it comes to the risk-analysis of payments.

Additional resources:


Access Control Server | 3-D Secure | Payment authentication