WAY4 3-D Secure MPI

A software solution for acquirers and PSPs for secure

mobile and e-commerce payments

Version 1.2

OpenWay Group www.openwaygroup.com Confidential

WAY4 3-D Secure MPI

СONTENTS
BACKGROUND ......................................................................................................2
What is WAY4 3-D Secure MPI? ........................................................................................................................................2

BENEFITS 4
For acquirers and PSPs ...........................................................................................................................................................4
For cardholders .......................................................................................................................................................................5
For merchants..........................................................................................................................................................................5

WAY4 3-D SECURE MPI OVERVIEW ......................................................................6

3-D Secure programs .............................................................................................................................................................7
Cardholder authentication ...................................................................................................................................................8
Merchant authentication ......................................................................................................................................................8
Transaction authorization preparation ................................................................................................................................9
Risk-based assessment ...........................................................................................................................................................9

WANT TO KNOW MORE? .....................................................................................10

OpenWay Group www.openwaygroup.com Confidential 1/10

WAY4 3-D Secure MPI

BACKGROUND
Over the last decade, the world has experienced enormous growth in mobile
and e-commerce payments. According to “The UPS Pulse of the Online
Shopper” report, mobile e-commerce sales are projected to grow to $250
billion by 20201. The projections for this continued growth challenge the
payment industry, particularly around security, customer experience and
buyers control over online and in-app purchases.
The number of disputed e-commerce transactions has also been growing
rapidly, with Internet-related fraud cases constituting a significant
percentage of all reported fraud cases. The majority of chargebacks for web
transactions are fraud-related or originated by cardholders claiming non-
participation. Frequent cardholder disputes undermine the confidence of
merchants and acquirers and pose a threat to these payment channels.
At the same time merchants do not wish to sacrifice conversion for the
increased security, because when it is too much effort to complete the
payment, clients tend to abandon the cart.
To make online purchases more secure and reliable and enhance the
customer experience, payment schemes developed the 3-D Secure
standard around 20 years ago. This standard has been recently upgraded to
the 2.X version, considering the specifics of the m-commerce purchase
experience, namely:
 Support of more device types, such as smartphones, tablets
and smart TV;
 More data for seamless security and new authentication
methods support;
 Modern payment technologies and instruments support (e.g.
tokenization, wallets, in-app payments);
 Frictionless flows where the cardholder’s authentication is
replaced with the risk-based assessment.

What is WAY4 3-D Secure MPI?

WAY4 3-D Secure MPI2 is a software solution for acquirers and PSPs enabling
a streamlined authentication of e-commerce payments through the 3-D
Secure protocol. The WAY4 solution integrates with any 3rd party merchant
management and e-commerce gateway system via APIs and provides
frictionless transaction flows. It is fully PA-DSS compliant and meets all the
security requirements of EMVCo.

1
https://solutions.ups.com/rs/935-KKE-240/images/UPS-Pulse-of-the-Online-Shopper-
2017-Volume-1.pdf
2
In the new 3-D Secure protocol 2.x, the MPI module has been renamed to the 3DS
Server. The MPI (Merchant Plug-In) naming goes back to the initial idea of the very first
3-D implementations, where the MPI was supposed to be situated on the merchant’s
side. OpenWay keeps this name for the new solution, as the WAY4 3-D Secure MPI
remains capable of both protocols, and MPI is a widely used term in the market.

OpenWay Group www.openwaygroup.com Confidential 2/10

WAY4 3-D Secure MPI

The WAY4 3-D Secure MPI solution can operate by itself as a complete stand-
alone solution. It can be added on top of the existing acquiring infrastructure,
as well as be part of the full WAY4 E-commerce Acquiring solution.

3-D Secure 1.x vs. 2.x

WAY4 3-D Secure MPI supports the existing 3-D Secure 1.x protocol and the
brand-new 2.x protocol. During the checkout the solution automatically
determines which protocol should be used to process the card. For acquirers
and PSPs who already use the WAY4 solution for 3-D Secure 1.x, OpenWay
offers a licensed upgrade to the 2.x version API suitable for versions co-
existence time period.
Both 1.x and 2.x versions are to co-exist until the December 2020, and
international payment schemes require financial institutions to strictly
determine the version belonging to the card. The WAY4 3-D Secure MPI
solution shares this information with the external 3-D Secure 1.x solutions, so
financial institutions can route the card authentication accordingly.

OpenWay Group www.openwaygroup.com Confidential 3/10

WAY4 3-D Secure MPI

BENEFITS
For acquirers and PSPs
Implementation of WAY4 3-D Secure MPI gives you the following advantages:
 All-inclusive support
WAY4 3-D Secure MPI supports all existing 3-D Secure programs
sponsored by payment schemes, including Verified By Visa,
Mastercard Identity Check, AmEx SafeKey and JCB J/Secure. WAY4
also supports the internet payment service UnionPay Online Payment
(UPOP), designed by UnionPay to offer a convenient and safe
internet payment method for Chinese cardholders.
 Increased revenue
WAY4 3-D Secure MPI increases cardholder confidence in the security
of online purchases and improves customer experience. That makes
merchants more willing to accept international transactions,
increasing acquirer / PSP profits.
 Reduced cost
WAY4 3-D Secure MPI protects the acquirer / PSP from fraud-related
chargebacks, reducing chargeback handling costs.
 Easy set-up of new merchants
Adding a new e-merchant is as easy as adding a typical POS
merchant.
 Simple integration with an existing e-commerce infrastructure
In order to enable the full range of 3-D Secure functionality, WAY4 3-
D Secure MPI includes straightforward APIs, which can be integrated
into the existing e-commerce infrastructure as a standalone solution.
 Fault tolerance
WAY4 3-D Secure MPI allows several authentication servers to be used
simultaneously. If one server is down, data will be re-routed through
other servers.
 PA-DSS compliance
WAY4 3-D Secure MPI is compliant with the PCI DSS standard, required
by payment schemes.
 Future growth
WAY4 3-D Secure MPI is one of the solutions for acquiring business that
is supported on WAY4. Should you decide to upgrade your role within
the acquiring value chain, you can add new functionality and run the
full-fledged merchant acquiring and payment gateway on a single
WAY4 platform.

OpenWay Group www.openwaygroup.com Confidential 4/10

WAY4 3-D Secure MPI

For cardholders
The benefits for cardholders include:
 Increase in confidence
Customers feel more confident when making purchases over the
internet and other internet-enabled devices, e.g. smartphones,
tablets
 Easy to use
From the customer’s perspective, 3-D Secure adds efficiency with
minimal to no impact on the apps and payment flows that they are
used to. No new skills are needed and thus the adoption is easy.
 Frictionless flow
Risk-based authentication (RBA) on the issuer’s side makes the
authentication process easy and seamless for the buyers. They are
not asked for any passwords and enjoy a smooth checkout flow
without interruptions. WAY4 3-D Secure MPI provides the issuer’s risk-
based assessment module with all related information necessary for
a frictionless authentication.
 No special requirements
When using basic or OTP authentication methods, no special
application software needs to be installed on the customer access
device.

For merchants
Merchant benefits are:
 Minimal impact on the merchant infrastructure
Host-based, WAY4 3-D Secure MPI does not require merchant plug-in
deployment. So, the module can be easily integrated into existed e-
shops without noticeable impact on the merchant infrastructure.
 Increased conversion and sales
By enhancing customer confidence in online purchasing and making
the checkout experience frictionless, WAY4 3-D Secure MPI helps to
increase merchant sales.
 Reduced risk and decreased dispute transactions
Increased security through WAY4 3-D Secure MPI reduces the risk of
fraudulent transactions and decreases the number of disputed
transactions.
 SDK for quick and easy integration with mobile apps
The solution is planned to support secure in-app purchases on top of
browser-based e-commerce. Merchants will be able to easily
implement this into the checkout flow within their applications using
the WAY4 3-D Secure MPI SDK. This functionality will require a license
extension.

OpenWay Group www.openwaygroup.com Confidential 5/10

WAY4 3-D Secure MPI

WAY4 3-D SECURE MPI OVERVIEW

WAY4 3-D Secure MPI is a crucial part of a standardized three-domain e-
commerce model as illustrated in the figure below. This scheme is applicable
for both the stand-alone WAY4 3-D Secure MPI solution and the full WAY4 E-
commerce Acquiring solution. The WAY4 3-D Secure MPI uses the same
integration principles and APIs in both cases.

On the acquirer domain, the solution integrates with merchant management

and e-commerce gateway systems via APIs. It provides authentication
message exchange between the acquirer, payment gateway and
international payment schemes.
If an acquirer uses WAY4 Acquiring and WAY4 E-Commerce Gateway as
end-to-end merchant management and e-commerce gateway systems
which share the same business core with WAY4 3-D Secure MPI, no special
effort is required to implement an authorization process and clearing and
settlement with e-merchants. WAY4 E-Commerce Gateway also supports
alternative payment methods for e-merchants (e.g. Alipay, mVisa).
 For information on WAY4 Acquiring and WAY4 E-Commerce
Gateway, please refer to the respective brochures.
Besides, the acquirers that already run online acquiring on WAY4 can benefit
from additional integration with the WAY4 core database that will help to
reduce the number of data fields that should be sent to MPI.

OpenWay Group www.openwaygroup.com Confidential 6/10

WAY4 3-D Secure MPI

To complete the suite, OpenWay provides a WAY4 3-D Secure ACS solution
which handles the e-commerce transaction processing on the issuer’s side.
 For information on WAY4 3-D Secure ACS please refer to the WAY4 3-
D Secure ACS brochure.
WAY4 3-D Secure MPI is implemented on the acquirer (or PSP) domain. This
increases transaction security since sensitive information, such as card
numbers, is not stored by the e-merchant. This reduces the possibility of fraud
to a minimum, and also creates economies of scale when connecting new
merchants.
The WAY4 3-D Secure MPI helps PSPs and acquirers perform the following
functions:
 Cardholder authentication
WAY4 enables merchants to integrate the authentication process
seamlessly into their checkout experiences, for both mobile app and
browser-based authentications.
The solution organizes the message exchange with the issuer’s ACS
via the payment scheme directory server to validate the card’s
participation in the 3-D Secure program and, if successful,
authenticates the cardholder.
 Merchant authentication
The new procedures ensure that merchants participating in online
transactions are operating under proper merchant agreements with
the acquirer and payment gateway.
 Transaction authorization
If the cardholder authentication response shows a successful
authentication and the merchant is authorized, the payment
gateway proceeds with transaction authorization.
 Tokenization
Tokenization enhances the user purchase experience. It lets the
acquirer or PSP to securely store the tokens for card details that a
customer usually has to enter manually at every checkout. The 3-D
Secure solution supports the initial step for tokenization enabling – the
authentication.

3-D Secure programs

WAY4 3-D Secure MPI supports all 3-D Secure programs that exist in various
payment schemes, including:
 Verified by Visa
 Mastercard Identity Check
 JCB J/Secure
 AmEx SafeKey
 UPOP by UPI

OpenWay Group www.openwaygroup.com Confidential 7/10

WAY4 3-D Secure MPI

 For information on WAY4 authorization and clearing interfaces to Visa,

Mastercard, AmEx, JCB, and UnionPay please refer to the respective
brochures.

Cardholder authentication
To support cardholder authentication on the acquirer side, WAY4 3-D Secure
MPI provides the following functionality:
 Requests to Directory Server (DS)
WAY4 3-D Secure MPI contacts the payment scheme’s DS (to
determine whether the cardholder is enrolled in 3-D Secure).
 Authentication requests to ACS
If the cardholder is enrolled in 3-D Secure, WAY4 3-D Secure MPI sends
an authentication request to the issuer’s ACS via the cardholder’s
browser.
 Issuer digital signature verification
After performing the cardholder authentication routine as defined by
the issuer, the ACS formats and digitally signs the authentication
response. Then the ACS returns the response to WAY4 3-D Secure MPI
that verifies the issuer digital signature.
 Non-payment user authentication
The latest edition of WAY4 3-D Secure MPI also allows acquirers to
perform non-payment user authentication, which enables various
online services outside payments that rely on trusted parties for user
authentication. WAY4 3-D secure MPI collects and prepares all the
data that is needed to proceed with identifying the customer as a
trusted user and grant secure access to web-based services (for
example, governmental portals, mobile wallet, online service
subscriptions, etc.)
 In-app authentication
OpenWay plans to provide a mobile SDK for merchant applications
to perform an in-app authentication in the near future. The
functionality will require a license extension.

Merchant authentication
When using WAY4 3-D Secure MPI, the acquirer is responsible for merchant
authentication. This involves identifying a specific merchant and determining
whether they are authorized to participate in 3-D Secure. To this end, WAY4
3-D Secure MPI provides:
 Flexible merchant interface
WAY4 3-D Secure MPI provides a flexible interface to e-merchants for
making online payments with 3-D Secure. The interface does not
depend on the authentication method, and it is configurable for
each merchant. Different cryptographic values can be used for
various merchants.

OpenWay Group www.openwaygroup.com Confidential 8/10

WAY4 3-D Secure MPI

 Various merchant authentication methods

Currently, WAY4 3-D Secure MPI supports two methods of merchant
authentication:
 Message Authentication Code (MAC)
 Digital signature
Both MAC and digital signature are digital security codes created by
a cryptographic algorithm. They are used to ensure data integrity and
to verify the identity of the data sender.
 Merchant authentication data management
When using WAY4 3-D Secure MPI, the acquirer assigns and manages
cryptographic values used for merchant authentication, such as
encryption keys.

Transaction authorization preparation

If the cardholder and merchant authentication is successful, WAY4 3-D
Secure MPI prepares all of the necessary data for the authorization request.
Along with typical transaction information, WAY4 3-D Secure MPI provides the
following values for the request message:
 CAVV/AAV
CAVV/AAV (Cardholder Authentication Verification Value/
Accountholder Authentication Value) is a cryptographic control
value. It is generated by the issuer’s ACS during cardholder
authentication and transmitted to the MPI in the authentication
response. When processing an authorization request from WAY4 3-D
Secure MPI, the CAVV/AAV value is checked by the issuer to make
sure that the cardholder has been authenticated.
 ECI
ECI (Electronic Commerce Indicator) shows the transaction’s security
level. It indicates whether the transaction is a 3-D Secure transaction,
and if it is, whether the transaction is authenticated. The ECI value is
generated by the issuer’s ACS during cardholder authentication and
copied by WAY4 3-D Secure MPI from the authentication response to
the authorization request message.

Risk-based assessment
Risk-based assessment (RBA) allows an issuer to authorize or deny the
purchase using risk analysis evaluation instead of asking the cardholder to
enter one-time passwords or other verifications during the payment. WAY4 3-
D Secure MPI collects and prepares an extended data set which is then
transmitted through a dedicated message flow to the issuer for the risk
analysis. This makes a payment frictionless and decreases the number of
declines during authentication, thus driving conversion for merchants and
improving the shopping experience for the cardholder.
 The RBA functionality on the issuer side can also be supported in
WAY4, and it is an essential part of the WAY4 3-D Secure ACS solution.

OpenWay Group www.openwaygroup.com Confidential 9/10

WAY4 3-D Secure MPI

WANT TO KNOW MORE?

Thank you for your interest in our solutions. If you would like to know more
about this solution or other WAY4 software solutions or contact an OpenWay
office near you, please visit our website, www.openwaygroup.com, and
other resources:
http://www.facebook.com/Openwaygroup
http://www.linkedin.com/company/openway
http://www.twitter.com/openwaygroup

OpenWay Group www.openwaygroup.com Confidential 10/10