RSA Announces the Upcoming Release of Adaptive Authentication for eCommerce 20.5

Document created by RSA Product Team Employee on Jan 2, 2020. Last modified by RSA Product Team Employee on Jan 2, 2020.
Version 2

Summary:
RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3D Secure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user experience in which a customer is only challenged in high-risk scenarios.

What’s New in Adaptive Authentication for eCommerce 20.5

Adaptive Authentication for eCommerce 20.5 includes these enhancements and new features:

 

Support for EMV 3D Secure 2.2 Protocol

EMVCo 2.2 Certification
Adaptive Authentication for eCommerce is certified by EMVCo for the EMV 3D Secure 2.2 protocol. Visa certification for EMV 3DS 2.2 is underway. The Mastercard certification process will begin as soon as Mastercard makes it available.
For the technical impact of this feature, see EMV 3D Secure 2.2 Certification.

 

3DS Requestor Initiated (3RI) Authentication
3RI transactions are transactions that are initiated by the merchant when the cardholder is not present in the session. 3RI transactions can be used, for example, in order to authenticate the cardholder, to collect a recurring payment, or when a subscription-based merchant wants to confirm that an account is still valid.
3RI transactions are supported by the EMV 3DS protocol. In EMV 3DS 2.1, 3RI non-payment transactions are supported, and in EMV 3DS 2.2, both payment and non-payment 3RI transactions are supported.
Adaptive Authentication for eCommerce 20.5 enables allow and decline flows for 3RI authentication transactions.
For the technical impact of this feature, see 3DS Requestor Initiated (3RI) Authentication.

 

Decoupled Authentication
Decoupled Authentication enables cardholder authentication separately from the 3D Secure workflow and the cardholder’s interaction with the merchant, within a specified timeframe.
In this version of Adaptive Authentication for eCommerce, decoupled authentication is enabled. If a challenge flow with decoupled authentication is required, the Out-Of-Band (OOB) authentication method is initiated.
For the technical impact of this feature, see Decoupled Authentication.


New Back Office API Version

Version 1.5 of the Adaptive Authentication for eCommerce Back Office API is available with this release. The Back Office API v1.5 supports IPv6 format, decoupled authentication, 3RI, and additional EMV 2.0 data elements.
For the technical impact of this feature, see New API Version.

 

New RDR Version

In Adaptive Authentication for eCommerce 20.5, RSA introduces concurrent support for multiple RDR versions. As ongoing updates to the 3D Secure protocol continue to be implemented, newer RDR versions reflect new specifications of the EMV 3D Secure protocol (3D Secure 2.0) and provide enhanced visibility into your fraud landscape.
RDR version support allows you to incorporate the updated fields at your convenience, thereby preventing disruption to your internal workflows for consuming the RDRs.
Configurations that utilize the existing RDR files will continue to work as expected, with the RDR files from previous RDR versions, until you change your implementation to utilize newer RDR version files.
Beginning with this release, and concurrent with RDR versioning, previous RDR version files will be declared End of Life (EOL) six months after this release. Exact EOL dates will be announced in the Release Notes.
All RDR files for the new versions are included in the release, in addition to the earlier versions of the RDRs. The report file name indicates the version of the RDR. See the individual RDRs below for the individual file names per RDR version.
For the technical impact of this feature, see New RDR Version.

 

IPv6 Support

Adaptive Authentication for eCommerce 20.5 supports transactions generated by IP addresses in IPv6 as well as IPv4 format for EMV 3DS 2.0 transactions. The new versions of the Back Office API and the RDRs introduced in this release support IPv6.
For the technical impact of this feature, see IPv6 Support.

 

SDK Device Information for EMV 3DS 2.x Protocol

SDK Device Information is data provided by the end-user device that is used in the authentication process using the EMV 3DS 2.0 protocol.
Adaptive Authentication for eCommerce 20.5 supports SDK Device Information of the EMV 3DS 2.0 protocol.

 

Browser-Based Language Selection from End-User Device

In order to maintain a unified language experience between the purchase flow and the authentication flow, in this version of Adaptive Authentication for eCommerce, you can configure your implementation to capture the language configured by the end-user on the end-user browser. This allows you to send challenge authentication screens in the captured language. Contact your RSA representative to enable dynamic language selection.

 

UI enhancements

Several user interface elements have been improved in this release:

  • The More Info section on browser interfaces is now optional and can be configured to either appear or be hidden.
  • On the Disclaimer page in browser interfaces, when an end-user has only one method of contact, the contact information is displayed directly and is no longer presented as a choice selection.
  • When a text exceeds the available line character count on browsers, the text line now wraps to the next line, instead of re-sizing the text.
  • Improved presentation of amounts and dates based on regional formatting conventions. For example:
    • The amount can be 150,00 as well as 150.00.
    • Dates can be MM/DD/YYYY as well as DD/MM/YYYY.

 

Worldpay Updates

This release of Adaptive Authentication for eCommerce includes infrastructure updates to move to the current Worldpay Gateway service for Credit Card Processing and Merchant services, because the old service is due to be declared EOL.

 

Technical Impact of New Features

EMV 3D Secure 2.2 Certification

This table describes the technical impact of this feature:

System Element: Customer Service Application
Impact: New possible value in the MessageVersion field of the Transaction Log: 2.2.0.

System Element: Back Office API support for EMV 3DS transactions
Impact:

New deviceInfo Data Structure.

See the Back Office API Reference Guide for more information.

New fields in the TransactionInfo message: 

  • merchantCategoryCode
  • messageCategory
  • threeDsRequestorName
  • threeDsRequestorChallengeIndicator
  • deviceInfo

 

 

3DS Requestor Initiated (3RI) Authentication

This table describes the technical impact of this feature:

System Element: Customer Service Application
Impact: New possible value for Transaction Type in the Transaction Log: 3RI Based (2.0)

New possible values for the Operations field in the Activity Log:

  • Start 3RI (2.0) Authentication
  • Start Application Based (2.0) Non-Payment Authentication
  • Start Browser Based (2.0) Non-Payment Authentication
  • Start 3RI (2.0) Non-Payment Authentication
See the Back Office User Guide for more information.
The TermURL field in the Transaction Log is empty for 3RI (2.0) Authentication and Application Based (2.0) Non-Payment Authentication transactions using the EMV 3DS protocol version.

System Element: Policy Management Application
Impact: On the Manage Rules page, in the Rules table, 3RI Based (2.0) is a new possible Transaction Type value.
The Back Office User Guide includes an indication for each predefined fact stating if the fact applies to 3RI Based EMV transactions.

New Transaction Details fact: 3RI Indicator.

Values for all transactions:

  • 01: Recurring Transaction
  • 02: Instalment Transaction
  • 03: Add card
  • 04: Maintain Card Information
  • 05: Account verification

Values applicable for EMV 3DS transactions with protocol version 2.2.0:

  • 06: Split/delayed shipment
  • 07: Top-up
  • 08: Mail Order
  • 09: Telephone Order
  • 10: Whitelist status check
  • 11: Other payment
  • 12: Billing Agreement

System Element: Case Management Application
Impact: On the Case List page, in the Case filters, 3RI Based (2.0) is a new possible Transaction Type value.
On the Case List page, 3RI Based (2.0) is a new possible Transaction Type value.

System Element: Analytics Application
Impact: When filtering reports, 3RI Based (2.0) is one of the transaction types you can filter with.

System Element: Raw Data Reports
Impact:

New possible values for the Operations field in the Activity Log Report:

  • Start 3RI (2.0) Authentication
  • Start Application Based (2.0) Non-Payment Authentication
  • Start Browser Based (2.0) Non-Payment Authentication
  • Start 3RI (2.0) Non-Payment Authentication
For more information, see the Raw Data Reports User Guide.

System Element: Back Office API
Impact: 3RI Based (2.0) transaction data is only retrieved when using the Back Office API v1.5.

The TransactionInfo response message contains a new possible value for the trxType:

3DS2_3RI: EMV 3DS 2.x 3RI Transaction.

3RI Based EMV 3DS transaction data is retrieved in these methods:

  • ActivityLogRequest
  • FailedTransactionHistoryRequest
  • GetCaseForTransaction
  • TransactionHistoryRequest

 

 

Decoupled Authentication

This table describes the technical impact of this feature:

System Element: Customer Service Application
Impact:

New possible value for the Operations field in the Activity Log: Decoupled Authentication Challenge Required.

For more information, see the Back Office User Guide.

System Element: Policy Management Application
Impact:

New Transaction Details fact: 3DS Requestor Decoupled Request Indicator.

For more information, see the Back Office User Guide.

System Element: Raw Data Reports
Impact:

New possible values for the Operations field in the Activity Log Report: Decoupled Authentication Challenge Required.

For more information, see the Raw Data Reports User Guide.

 

New API version

This table describes the technical impact of this feature. For more information, see the Back Office API Reference Guide.

System Element: Back Office API
Impact: New possible value for the apiVersionValue of the ApiVersion message: 1.5.

 

New RDR Version

These tables list the file names for the versions of each of the Raw Data Reports that have new versions, and which fields in each report have been altered in the new version. For more information, see the RDR User Guide.

Activity Log Report

File name
  RDR v01 (Current Functionality): ActivityNew_MMDDYY.txt
  RDR v02: ActivityNew_V02_MMDDYY.txt

ipAddress
  RDR v01 (Current Functionality): IPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15.
  RDR v02: IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

Operation
  RDR v01 (Current Functionality): No change.
  RDR v02: New values:
    • Start 3RI (2.0) Authentication
    • Start 3RI (2.0) Non-Payment Authentication
    • Start Application Based (2.0) Non-Payment Auth
    • Start Browser Based (2.0) Non-Payment Auth


Case Details Report

File name
  RDR v01 (Current Functionality): CaseDetailsPMRules_MMDDYY.txt
  RDR v02: CaseDetailsPMRules_V02_MMDDYY.txt

FirstIPAddress
  RDR v01 (Current Functionality): IPv4 address. If the IP address is in IPv6 format, the value in this report is 000.000.000.000. Max Length: 15.
  RDR v02: IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

RiskScore
  RDR v01 (Current Functionality): No change.
  RDR v02: This field is empty for 3RI and NPA transactions.

DeviceChannel
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

MessageCategory
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

 

New Transactions Report

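File name
  RDR v01 (Current Functionality): TransactionsNew_MMDDYY.txt
  RDR v02: TransactionsNew_V02_MMDDYY.txt

PAReqIpAddress
  RDR v01 (Current Functionality): IPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15.
  RDR v02: IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

PAReqPurchaseDate
  RDR v01 (Current Functionality): No change.
  RDR v02: This field is empty for NPA transactions that do not include a purchase date.

RiskScore
  RDR v01 (Current Functionality): No change.
  RDR v02: This field is empty for 3RI and NPA transactions.

DeviceID
  RDR v01 (Current Functionality): When the DeviceID is empty, the value is set to N/A.
  RDR v02: When the DeviceID is empty and for 3RI transactions, the value is set to N/A.

MessageCategory
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

MerchantCategoryCode
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

3dsRequestorName
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

3dsRequestorChallengeIndicator
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

DeviceModel
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

DevicePlatform
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

AdvertisingID
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

DeviceName
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

DeviceLanguage
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.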

 

Failed Transactions Report

File name
  RDR v01 (Current Functionality): AAeCommerce_MMDDYY.txt
  RDR v02: AAeCommerce_V02_MMDDYY.txt

IpAddress
  RDR v01 (Current Functionality): IPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15.
  RDR v02: IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

PurchaseAmount
  RDR v01 (Current Functionality): No change.
  RDR v02: The value is set to 0 in NPA transactions with no purchase amount.

PurchaseCurrency
  RDR v01 (Current Functionality): No change.
  RDR v02: The value is set to 840 (USD) in NPA transactions with no purchase currency.

DeviceChannel
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

MerchantCategory
  RDR v01 (Current Functionality): N/A
  RDR v02: New field.

 

 

IPv6 Support

This table describes the technical impact of this feature:

System Element: Back Office API
Impact:
  • In v1.5 of the API, all fields for IP addresses using IPv6 format have a maximum length of 39 characters and can retrieve IP addresses in IPv4 or IPv6 format.
  • In earlier versions of the API, IP fields have a maximum length of 14.

These API Response structures contain an ipAddress field:

  • ActivityLogInfo
  • TransactionInfo

System Element: Raw Data Reports
Impact:
  • In v02 of the RDRs, an IP address field has a maximum length of 39 characters and can be either an IPv4 or an IPv6 address.
  • In earlier versions of the RDRs, an IP address field has a maximum length of 15 characters and can only be an IPv4 address. IPv6 records are represented as 0.0.0.0 or 000.000.000.000 depending on the configuration.
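
The placeholder and length rules above matter when RDR IP fields feed fraud analytics: 0.0.0.0 is a marker, not a client address, and grouping on it links unrelated transactions. The following Python is an added example, not RSA code; the function names and sample values are constructed, and only the file-name patterns, placeholders and maximum lengths come from this page.

```python
import ipaddress
import re
from collections import Counter

# File-name patterns from the RDR tables on this page:
# <Report>_MMDDYY.txt is v01, <Report>_V02_MMDDYY.txt is v02.
RDR_NAME = re.compile(r"^(?P<report>[A-Za-z]+)(?:_V(?P<ver>\d{2}))?_\d{6}\.txt$")
PLACEHOLDERS = {"0.0.0.0", "000.000.000.000"}  # "no usable address" markers
MAX_LEN = {1: 15, 2: 39}                       # per-version field length


def rdr_version(file_name):
    """Return (report_name, version) parsed from an RDR file name."""
    m = RDR_NAME.match(file_name)
    if not m:
        raise ValueError(f"not an RDR file name: {file_name!r}")
    version = int(m.group("ver") or 1)
    if version not in MAX_LEN:
        raise ValueError(f"unknown RDR version: {version}")
    return m.group("report"), version


def classify_ip(value, version):
    """Return (kind, address); kind is ipv4, ipv6, unavailable or invalid."""
    value = value.strip()
    if value in PLACEHOLDERS:
        # v01: also hides every IPv6 client; v02: NPA without an IP, or 3RI.
        return "unavailable", None
    if len(value) > MAX_LEN[version]:
        return "invalid", None
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "invalid", None
    if addr.version == 6 and version == 1:
        return "invalid", None  # v01 fields can only carry IPv4
    return f"ipv{addr.version}", str(addr)


def summarize(file_name, values):
    """Count address kinds for one report's IP column (hypothetical helper)."""
    _, version = rdr_version(file_name)
    return Counter(classify_ip(v, version)[0] for v in values)


# Constructed sample values, not taken from a real report.
SAMPLE = ["203.0.113.7", "0.0.0.0", "2001:db8::1", "0.0.0.0", "bogus"]
```

A high share of "unavailable" in a v01 report is expected wherever clients connect over IPv6; the same traffic read from the v02 file shows the real addresses.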

 

 

For additional documentation, downloads, and more, visit the RSA Adaptive Authentication for eCommerce page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
