RSA announces the release of Adaptive Authentication for eCommerce 20.5

Document created by RSA Product Team Employee on Feb 3, 2020Last modified by RSA Product Team Employee on Feb 3, 2020
Version 3Show Document
  • View in full screen mode

Summary:
RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3DSecure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user-experience in which a customer is only challenged in high-risk scenarios.

What’s New in Adaptive Authentication for eCommerce 20.5

Adaptive Authentication for eCommerce 20.5 includes these enhancements and new features:

 

Support for EMV 3D Secure 2.2 Protocol

EMVco 2.2 Certification
Adaptive Authentication for eCommerce is certified by EMVCo for the EMV 3D Secure 2.2 protocol.  Visa certification for EMV 3DS 2.2 is underway. The Mastercard certification process will begin as soon as Mastercard makes it available.
For the technical impact of this feature, see Technical Impact of EMV 3D Secure 2.2 Certification.

 

3DS Requestor Initiated (3RI) Authentication
3RI transactions are transactions that are initiated by the merchant when the cardholder is not present in the session. 3RI transactions can be used, for example, in order to authenticate the cardholder, to collect a recurring payment, or when a subscription-based merchant wants to confirm that an account is still valid.
3RI transactions are supported by the EMV 3DS protocol. In EMV 3DS 2.1, 3RI non-payment transactions are supported, and in EMV 3DS 2.2, both payment and non-payment 3RI transactions are supported.
Adaptive Authentication for eCommerce 20.5 enables allow and decline flows for 3RI authentication transactions.
For the technical impact of this feature, see Technical Impact of 3DS Requestor Initiated (3RI) Authentication.

 

Decoupled Authentication
Decoupled Authentication enables cardholder authentication separately from of the 3D Secure workflow and the cardholder’s interaction with the merchant, within a specified timeframe.
In this version of Adaptive Authentication for eCommerce, decoupled authentication is enabled. If a challenge flow with decoupled authentication is required, the Out-Of-Band (OOB) authentication method is initiated.
For the technical impact of this feature, see Technical Impact of Decoupled Authentication.


New Back Office API Version

Version 1.5 of the Adaptive Authentication for eCommerce Back Office API is available with this release. The Back Office API v1.5 supports IPv6 format, decoupled authentication, 3RI, and additional EMV 2.0 data elements.
For the technical impact of this feature, see Technical Impact of New API Version.

 

New RDR Version

In Adaptive Authentication for eCommerce 20.5, RSA introduces concurrent support for multiple RDR versions. As ongoing updates to the 3D Secure protocol continue to be implemented, newer RDR versions reflect new specifications of the EMV 3D Secure protocol (3D Secure 2.0) and provide enhanced visibility into your fraud landscape.
RDR version support allows you to incorporate the updated fields at your convenience, thereby preventing disruption to your internal workflows for consuming the RDRs.
Configurations that utilize the existing RDR files will continue to work as expected, with the RDR files from previous RDR versions, until you change your implementation to utilize newer RDR version files.
Beginning with this release, and concurrent with RDR versioning, previous RDR version files will be declared End of Life (EOL) six months after this release. Exact EOL dates will be announced in the Release Notes.
All new versions of the RDRs are included in the release, in addition to the earlier versions of the RDRs. The report file name indicates the version of the RDR. See the individual RDRs below for the individual file names per RDR version.
For the technical impact of this feature, see Technical Impact of New RDR Version.

 

IPv6 Support

Adaptive Authentication for eCommerce 20.5 supports transactions generated by IP addresses in IPv6 as well as IPv4 format for EMV 3DS 2.0 transactions. The new versions of the Back Office API and the RDRs introduced in this release support IPv6.
For the technical impact of this feature, see Technical Impact of IPv6 Support.

 

SDK Device Information for EMV 3DS 2.x Protocol

SDK Device Information is data provided by the end-user device is used in the authentication process using the EMV 3DS 2.0 protocol.
Adaptive Authentication for eCommerce 20.5 supports SDK Device Information of the EMV 3DS 2.0 protocol.

 

Browser-Based Language Selection from End-User Device

In order to maintain a unified language experience between the purchase flow and the authentication flow, in this version of Adaptive Authentication for eCommerce, you can configure your implementation to capture the language configured by the end-user on the end-user browser. This allows you to send challenge authentication screens in the captured language. Contact your RSA representative to enable dynamic language selection.

 

UI enhancements

  • Several user interface elements have been improved in this release:
    The More Info section on browser interfaces is now optional and can be configured to either appear or be hidden.
  • When a text exceeds the available line character count on browsers, the text line now wraps to the next line, instead of re-sizing the text.
  • Improved presentation of amounts and dates based on regional formatting conventions. For example:
    • The amount can be 150,00 as well as 150.00.
    • Dates can be MM/DD/YYYY as well as DD/MM/YYYY.

 

Worldpay Updates

This release of Adaptive Authentication for eCommerce includes infrastructure updates in order to upgrade to the up-to-date Worldpay Gateway service for Credit Card Processing and Merchant services, due to the upcoming declaration of EOL of the old service.

 

Rule Names Added to Back Office API

The Back Office API v1.5 includes the RuleName in addition to the RuleID in the RuleData message. The RuleID has been updated to indicate the alphanumeric value automatically assigned to the rule, and the RuleName is the unique name the customer assigned to the rule. For more information, see the Back Office API Reference Guide.

 

Documentation Enhancements

The complete Adaptive Authentication for eCommerce documentation set has been updated to align with all RSA products for an updated look and feel. The documentation includes a new cover page and formatting changes.

 

 

Technical Impact of New Features

Technical Impact of EMV 3D Secure 2.2 Certification

This table describes the technical impact of this feature:

System ElementImpact
Customer Service ApplicationThere is a new possible value in the MessageVersion field of the Transaction Log: 2.2.0.
Case Management Application support for EMV 3DS transactions

The View Case page contains a new Carholder Information section.The Carholder Information section contains these fields:

  • Billing Address
  • Shipping Address

For more information, see the Back Office User Guide.

The View Case page contains new fields in the Case Details section:

  • 3DS Requestor Name
  • Merchant Category Code
  • Message Category
  • Device Platform
  • Device Name
  • Advertising ID
  • Device Language

For more information, see the Back Office User Guide.

Back Office API support for EMV 3DS transactions

There is a new Data Structure:  deviceInfo.

See the Back Office API Reference Guide for more information

The TransactionInfo message contains these new fields: 

  • merchantCategoryCode
  • messageCategory
  • threeDsRequestorName
  • threeDsRequestorChallengeIndicator
  • deviceInfo

 

 

Technical Impact of 3DS Requestor Initiated (3RI) Authentication

This table describes the technical impact of this feature:

System ElementImpact
Customer Service ApplicationIn the Transaction Log, there is a new possible value for Transaction Type: 3RI Based (2.0)
In the Transaction Log, the TermURL field is empty for 3RI (2.0) Authentication and Application Based (2.0) Non-Payment Authentication transactions using the EMV 3DS protocol version.

In the Activity Log, there are new possible values for the Operations field:

  • Start 3RI (2.0) Authentication
  • Start Application Based (2.0) Non-Payment Authentication
  • Start Browser Based (2.0) Non-Payment Authentication
  • Start 3RI (2.0) Non-Payment Authentication
See the Back Office User Guide for more information.
Policy Management ApplicationOn the Manage Rules page, there is a new possible Transaction Type value in the Rules table: 3RI Based (2.0) .
The Back Office User Guide includes an indication for each predefined fact stating if the fact applies to 3RI Based EMV transactions.

There is a new Transaction Details fact: 3RI Indicator.

Possible values for all transactions:

  • 01: Recurring Transaction
  • 02: Instalment Transaction
  • 03: Add card
  • 04: Maintain Card Information
  • 05: Account verification

In addition, these values can also be used for transactions using EMV 3DS 2.2.0 and later:

  • 07: Top-up
  • 08: Mail Order
  • 09: Telephone Order
  • 10: Whitelist status check
  • 11: Other payment
  • 12: Billing Agreement
Case Management ApplicationOn the Case List page, 3RI Based (2.0) is one of the transaction types in the case filters.
On the Case List page, there is a new  possible Transaction Type value: 3RI Based (2.0).
Analytics ApplicationWhen filtering reports, 3RI Based (2.0) is one of the transaction types you can filter with.
Raw Data Reports

In the Activity Log Report, there are new possible values for the Operations field:

  • Start 3RI (2.0) Authentication
  • Start Application Based (2.0) Non-Payment Authentication
  • Start Browser Based (2.0) Non-Payment Authentication
  • Start 3RI (2.0) Non-Payment Authentication
For more information, see the Raw Data Reports User Guide.
Back Office API3RI Based (2.0) transaction data is only retrieved when using the Back Office API v1.5.

The TransactionInfo response message contains a new possible value for the trxType:

3DS2_3RI: EMV 3DS 2.x 3RI Transaction.

3RI Based EMV 3DS transaction data is retrieved in these methods:

  • ActivityLogRequest
  • FailedTransactionHistoryRequest
  • GetCaseForTransaction
  • TransactionHistoryRequest

 

 

Technical Impact of Decoupled Authentication

This table describes the technical impact of this feature:

System ElementImpact
Customer Service Application

In the Activity Log, there is a new possible value for the Operations field: Decoupled Authentication Challenge Required.

For more information, see the Back Office User Guide.
Policy Management Application

There is a new Transaction Details fact: 3DS Requestor Decoupled Request Indicator.

For more information, see the Back Office User Guide.
Raw Data Reports

In the Activity Log Report, there is a new possible value for the Operations field : Decoupled Authentication Challenge Required.

For more information, see the Raw Data Reports User Guide.

 

Technical Impact of New API version

This table describes the technical impact of this feature. For more information, see the Back Office API Reference Guide.

System ElementImpact
Back Office API In the ApiVersion message, there is a new possible value for the apiVersionValue: 1.5.

 

Technical Impact of New RDR Version

These tables list the file names for the versions of each of the Raw Data Reports that have new versions, and which fields in each report have been altered in the new version. For more information, see the RDR User Guide.

Activity Log Report

RDR v01

(Current Functionality)

RDR v02
File nameActivityNew_MMDDYY.txtActivityNew_V02_MMDDYY.txt
ipAddressIPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15.IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.
OperationNo change.

There are new possible values for this field:

  • Start 3RI (2.0) Authentication
  • Start 3RI (2.0) Non-Payment Authentication
  • Start Application Based (2.0) Non-Payment Auth
  • Start Browser Based (2.0) Non-Payment Auth


Case Details Report

RDR v01

(Current Functionality)

RDR v02
File nameCaseDetailsPMRules_MMDDYY.txtCaseDetailsPMRules_V02_MMDDYY.txt
FirstIPAddressIPv4 address. If the IP address is in IPv6 format, the value in this report is 000.000.000.000. Max Length: 15.IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.
RiskScoreNo change.This field is empty for 3RI and NPA transactions.
DeviceChannelN/ANew field.
MessageCategoryN/ANew field.

 

New Transactions Report

RDR v01

(Current Functionality)

RDR v02
File nameTransactionsNew_MMDDYY.txtTransactionsNew_V02_MMDDYY.txt

PAReqIpAddress

IPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

PAReqPurchaseDate

No change.

This field is empty for NPA transactions that do not include a purchase date.

RiskScoreNo change.This field is empty for 3RI and NPA transactions.
DevciceIDWhen the DeviceID is empty, the value is set to N/A.When the DeviceID is empty and for 3RI transactions, the value is set to N/A.
MessageCategoryN/ANew field.
MerchantCategoryCodeN/ANew field.
3dsRequestorNameN/ANew field.
3dsRequestorChallengeIndicatorN/ANew field.
DeviceModelN/ANew field.
DevicePlatformN/ANew field.
AdvertisingIDN/ANew field.
DeviceNameN/ANew field.
DeviceLanguageN/ANew field.

 

Failed Transactions Report

RDR v01

(Current Functionality)

RDR v02
File nameAAeCommerce_MMDDYY.txtAAeCommerce_V02_MMDDYY.txt

IpAddress

IPv4 address. If the IP address is in IPv6 format, the value in this report is 0.0.0.0. Max Length: 15.

IPv4 or IPv6 address of the client browser from the HTTP header. The value of this field is 0.0.0.0 for NPA transactions where no IP address is available and for 3RI transactions. Max Length: 39.

PurchaseAmountNo change.The value is set to 0 in NPA transactions with no purchase amount.
PurchaseCurrencyNo change.

The value is set to 840 (USD) in NPA transactions with no purchase currency.

DeviceChannelN/ANew field.
MerchantCategoryN/ANew field.

 

 

Technical Impact of IPv6 Support

This table describes the technical impact of this feature:

System ElementImpact
Back Office API
  • In v1.5 of the API, all fields for IP addresses using IPv6 format have a maximum length of 39 characters and can retrieve IP addresses in IPv4 or IPv6 format.
  • In earlier versions of the API, IP fields have a maximum length of 14.

These API Response structures contain an ipAddress field:

  • ActivityLogInfo
  • TransactionInfo
Raw Data Reports
  • In v02 of the RDRs, an IP address field has a maximum length of 39 characters and can be either IPv4 or IPv6 addresses.
  • In earlier versions of the RDRs, an IP address field has a maximum length of 15 characters length and can only be an IPv4 address. IPv6 records are represented as 0.0.0.0 or 000.000.000.000 depending on the configuration.

 

 

For additional documentation, downloads, and more, visit the RSA Adaptive Authentication for eCommerce page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes