A merchant plug-in (MPI) is a software module designed to facilitate 3-D Secure verifications to help prevent credit card fraud.[1] The MPI identifies the account number and queries the servers of the card issuer (Visa, MasterCard, or JCB International) to determine if it is enrolled in a 3D-Secure program and returns the web site address of the issuer access control server (ACS) if it is found.[2] Merchants are responsible for using an SSL/TLS MPI at their servers.[3]

Each card issuer is required to maintain an ACS used to support cardholder authentication.[3] A customer authenticates to this ACS by providing their username and password and the ACS signs the result (success or failure). This signature is then passed through the customer's browser and to the MPI. The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction.[4]


Commercial MPI software is available from a number of vendors.

See also

edit
  • 3D-Secure
  • Montague, David. "3DS-Implementation That Makes Sense". Fraud Practice. Retrieved March 18, 2013.

References

edit
  1. ^ "Visa USA Merchants Verified by Visa". Retrieved 2008-09-25.
  2. ^ Bidgoli, Hossein (2004). The Internet Encyclopedia. John Wiley and Sons. ISBN 0-471-22203-8.
  3. ^ a b Jarupunphol, Pita; Mitchell, Chris J. "MEASURING 3-D SECURE AND 3D SET AGAINST E-COMMERCE END-USER REQUIREMENTS" (PDF). Retrieved 2017-05-22. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ Balfe, Shane; Paterson, Kenneth G. "Augmenting Internet-based Card Not Present Transactions with Trusted Computing" (PDF). Retrieved 2008-09-25. {{cite journal}}: Cite journal requires |journal= (help)