3D Secure Service in India

Internet has taken us to newer heights and to a world of constant changes. Admissions to school, applications to jobs, purchasing a gadget etc can all be done online today. Imagine how it would be if a person buys a laptop through an online shopping site. If the site is not secure then there are high possibilities of cyber theft. This sign is not good for the customer, the bank where he holds the account as well as the retailer (shopping site). A technology that could secure these transactions is more a necessity today.

 

The 3 Ds in this case are not 3 dimensions but 3 domains. The customer who holds a credit or debit card and the bank that provides the card combine to form one domain. It is called the Issuer domain because the bank that issues the card or the facility is in this part of the process.

The second part acts as a media between the two domains. This domain basically holds some data related to the history of transactions made and also acts as an intermediate that transfers data from one domain to another. This domain is called the interoperability domain.

The third part constitutes of the retailer and the bank that holds the transactions made to the merchant. This domain interacts with the issuer domain directly and sometimes through the interoperability domain during the process of transaction.

 

As we know there are 3 basic players (domains) in the entire process and a customer has to register himself with the bank to get this facility before he could continue further. The registration is done online and information like the date of birth of the customer may be asked during the registration process. A customer should be careful and check if the website where he is providing the information is a secure page.

 

A 6 digit password and a personal message will be connected to this process. These two play the role of identity to authenticate before authenticating a customer’s transaction. It is recommended that the customer uses a password (6 digits) that is not easily arrived at (date of birth, postal codes of the residence should not be used).

Once the registration is complete the data flow takes place through the following route.

Issuer server (bank server) -> Access control server -> Visa directory

In the above route the Visa directory stays at interoperability domain. Here as and when the transaction takes place through 3D Secure it gets registered as authentication history.

 

When a customer wishes to purchase a product online he would enter the online shopping site and look for the product. If the shopping site is enabled with 3D secure technology then it would have a plug-in that is connected to a server used by retailer. This server is further accessible by the bank where the retailer’s transactions are held.

Now when a customer visits a shopping site and clicks on purchase option the process starts off. There will be two phases of check. The retailer’s plug-in checks with the visa directory whether this customer has made any transactions earlier or checks the customer’s registration for 3D secure. The visa directory checks this information with access control server and transaction history.

Once the information about the customer’s registration gets back to the retailer’s plug-in it will send a message to the access control server will be sent through another route where it goes through the customer’s browser. This message is called a request to authenticate the customer. This authentication is done by the access control server. Here the customer will type password to identify himself. Later the return message goes through the same customer’s browser and reaches the retailer’s plug-in. Once this authentication is complete the transaction takes place in a smooth way.

 

The Reserve bank of India strictly wants this facility to be adopted by all online retailers and also the credit and debit card providing banks. But still there are complaints in regard to this technology from all around the world. Most of the complaints state that the technology can be easily affected by phishing and few Trojans. Others feel that the authentication process makes the customers to skip from the idea of buying as it involves few steps. Banks including ICICI and SBI have adopted this technology through Master card and Visa card providers.

Another major factor is that from in India online shopping has not yet made a strong foundation in the lifestyle of us. So such technology takes time to find its way and roots in this part of the sub-continent.