What’s New in Adaptive Authentication for eCommerce 20.6
Adaptive Authentication for eCommerce 20.6 includes these enhancements and new features:
Certification for EMV 3DS Protocol
Adaptive Authentication for eCommerce is certified by Amex for the EMV 3DS 2.1 protocol, and Visa for the EMV 3DS 2.2 protocol.
Decoupled authentication allows customers to authenticate the cardholder separately from the 3D Secure workflow and the cardholder's interaction with the merchant, within a specified time frame. Based on the EMV 3DS 2.2 protocol, in some cases, decoupled authentication can result in a transaction that begins one business day and extends into the next business day, with a limit of up to seven days.
- In Adaptive Authentication for eCommerce 20.6, the RSA Interface v3.2 sends customers decoupled authentication notifications in real-time, when a decoupled authentication challenge takes place. The challenge can be active for up to 7 days from the start of the transaction.
- When a decoupled authentication challenge is a required, Adaptive Authentication for eCommerce uses a polling mechanism to check for the authentication result. Polling is more frequent near the start time of the transaction and takes place less frequently as time progresses.
- The extended timeline for decoupled authentication transactions can affect reporting and transaction data for certain transactions. RDRs now include all transactions that were completed on the previous day, based on the end time of the transaction, as opposed to the start time of the transaction.
Support for Merchant Whitelisting Requests
In this release, Adaptive Authentication for eCommerce enables merchant whitelisting requests.
Based on the EMV 3DS 2.2 protocol, the status of the merchant’s whitelist request for this cardholder is included in the authentication request. Adaptive Authentication for eCommerce passes this value to the customer in data elements included in the RSA Interface v3.2.
The customer can decide how to proceed with the whitelist status sent in the request. Based on customer policies, an updated issuer whitelist status is sent back through the RSA Interface v3.2, and that value is placed in a new Policy Management fact, which can then be used to create corresponding rules.
Mastercard Message Extension Support
RSA Interface v3.2
- Additional Encryption Support. This version of the RSA Interface includes support for encrypting messages using the RSA-OAEP-256 algorithm, in addition to the currently supported RSA-OAEP algorithm. For more information, see the RSA Interface v3.2 User Guide.
- 3DS Requestor Initiated (3RI) Authentication Support. 3RI transactions are transactions that are initiated by the merchant when the cardholder is not present in the session. 3RI transactions can be used, for example, to authenticate the cardholder, to collect a recurring payment, or when a subscription- based merchant wants to confirm that an account is still valid.
3RI transactions are supported by the EMV 3DS protocol. In EMV 3DS 2.1, 3RI non- payment transactions are supported, and in EMV 3DS 2.2, both payment and non- payment 3RI transactions are supported.
For the technical impact of this feature, see Technical Impact of RSA Interface v3.2 Support for 3RI Authentication.
- Additional Data Elements Added to RSA Interface messages. For the technical details of the new data elements, see Technical Impact of New Data Elements in RSA Interface v3.2.
Risk Score Included in NPA and 3RI transactions
Adaptive Authentication for eCommerce 20.6 now includes the risk score generated by the RSA Risk Engine in NPA and 3RI transactions.
User Interface Enhancements
Reminder: RSA Recommends Upgrading to RDR v02
RDR v01 will be declared End-of-Life (EOL) in August 2020.
For detailed information about the new RDRs, see the Adaptive Authentication 20.5 Release Notes and the RDR User Guide
- This release includes changes to the Back Office API Reference Guide:
- All message samples were replaced with up to date messages.
- Editorial changes were made to improve readability and the user experience.
- This release includes an updated RSA Interface v3.2 User Guide, containing updated information for RSA Interface v3.2.
Technical Impact of New Features
The Policy Management application contains three new facts for transactions using the MasterCard Message Extension with the ID: A000000004-merchantData.
The Policy Management application includes these new facts:
|Fact Category||Fact Name|
|Merchant Details Facts||Acquirer Country|
|Merchant Fraud Rate|
|Transaction Details Facts||Secure Corporate Payment|
These new data elements are now included in the RSA Interface v3.2 to support for 3RI authentication. For more information about these elements, see the RSA Interface v3.2 User Guide.
|RSA Interface Message||Modification|
|getCardInfo Request||New TransactionType: ThreeRI Based (2.0)|
New data elements added:
|fetchAvailableAliases Request||New TransactionType: ThreeRI Based (2.0)|
New data elements added:
These new data elements are now included in the fetchAvailableAliases request:
For more information, see the RSA Interface v3.2 User Guide.
For additional documentation, downloads, and more, visit the RSA Adaptive Authentication for eCommerce page on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.