RSA Announces the Upcoming Release of Adaptive Authentication for eCommerce 20.6

Document created by RSA Product Team Employee on Apr 1, 2020Last modified by RSA Link Team on Sep 22, 2020
Version 5Show Document
  • View in full screen mode

Summary:
RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3DSecure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user-experience in which a customer is only challenged in high-risk scenarios.

What’s New in Adaptive Authentication for eCommerce 20.6

Adaptive Authentication for eCommerce 20.6 includes these enhancements and new features:

 

Certification for EMV 3DS Protocol

Adaptive Authentication for eCommerce is certified by Amex for the EMV 3DS 2.1 protocol, and Visa for the EMV 3DS 2.2 protocol.

 

Decoupled Authentication

Decoupled authentication allows customers to authenticate the cardholder separately from the 3D Secure workflow and the cardholder's interaction with the merchant, within a specified time frame. Based on the EMV 3DS 2.2 protocol, in some cases, decoupled authentication can result in a transaction that begins one business day and extends into the next business day, with a limit of up to seven days.

  • In Adaptive Authentication for eCommerce 20.6, the RSA Interface v3.2 sends customers decoupled authentication notifications in real-time, when a decoupled authentication challenge takes place. The challenge can be active for up to 7 days from the start of the transaction.
  • When a decoupled authentication challenge is a required, Adaptive Authentication for eCommerce uses a polling mechanism to check for the authentication result. Polling is more frequent near the start time of the transaction and takes place less frequently as time progresses.
  • The extended timeline for decoupled authentication transactions can affect reporting and transaction data for certain transactions. RDRs now include all transactions that were completed on the previous day, based on the end time of the transaction, as opposed to the start time of the transaction.

 

Support for Merchant Whitelisting Requests

In this release, Adaptive Authentication for eCommerce enables merchant whitelisting requests.

Based on the EMV 3DS 2.2 protocol, the status of the merchant’s whitelist request for this cardholder is included in the authentication request. Adaptive Authentication for eCommerce passes this value to the customer in data elements included in the RSA Interface v3.2.

The customer can decide how to proceed with the whitelist status sent in the request. Based on customer policies, an updated issuer whitelist status is sent back through the RSA Interface v3.2, and that value is placed in a new Policy Management fact, which can then be used to create corresponding rules.

The updated whitelist status and the transaction decision are sent in the authentication response. For the technical impact of this feature, see Technical Impact of Support for Merchant Whitelisting Requests.

 

Mastercard Message Extension Support

Adaptive Authentication for eCommerce 20.6 enables the use of Mastercard message extensions for EMV 3DS 2.1 and 2.2 transactions.
Mastercard message extensions allow you to use additional elements relevant for PSD2 SCA as recognized by Mastercard, in addition to leveraging selected features of the EMV 3DS 2.2 protocol that will be available in addition to EMV 3DS 2.1 elements.
All the elements that are captured from the authentication request using MasterCard extensions are available in the Policy Management application. For the technical impact of this feature, see Technical Impact of Mastercard Message Extension Support.

 

RSA Interface v3.2

This release of Adaptive Authentication includes a new release of the RSA Interface. Version 3.2 includes these functionality enhancements:

  • Additional Encryption Support. This version of the RSA Interface includes support for encrypting messages using the RSA-OAEP-256 algorithm, in addition to the currently supported RSA-OAEP algorithm. For more information, see the RSA Interface v3.2 User Guide.
  • 3DS Requestor Initiated (3RI) Authentication Support. 3RI transactions are transactions that are initiated by the merchant when the cardholder is not present in the session. 3RI transactions can be used, for example, to authenticate the cardholder, to collect a recurring payment, or when a subscription- based merchant wants to confirm that an account is still valid.
    3RI transactions are supported by the EMV 3DS protocol. In EMV 3DS 2.1, 3RI non- payment transactions are supported, and in EMV 3DS 2.2, both payment and non- payment 3RI transactions are supported.
    For the technical impact of this feature, see Technical Impact of RSA Interface v3.2 Support for 3RI Authentication.
  • Additional Data Elements Added to RSA Interface messages. For the technical details of the new data elements, see Technical Impact of New Data Elements in RSA Interface v3.2.

 

Risk Score Included in NPA and 3RI transactions

Adaptive Authentication for eCommerce 20.6 now includes the risk score generated by the RSA Risk Engine in NPA and 3RI transactions.

 

User Interface Enhancements

  • When a cardholder has configured only one contact method, you can display the contact information without a choice selection indicator.

  • This release of Adaptive Authentication for eCommerce includes inline validation of free text entered for OTP and token values in challenge screens. You can display an error message immediately on the screen if the OTP or token do not comply with formatting requirements.

 

Reminder: RSA Recommends Upgrading to RDR v02

In Adaptive Authentication for eCommerce 20.5, RSA introduced concurrent support for multiple RDR versions. While RDR version support allows you to incorporate the updated fields at your convenience, after implementing the necessary development changes, we recommend implementing the new RDR version before EOL to leverage the new specifications of the EMV 3D Secure protocol (3D Secure 2.0) and provide enhanced visibility into your fraud landscape. 

RDR v01 will be declared End-of-Life (EOL) in August 2020.

For detailed information about the new RDRs, see the Adaptive Authentication 20.5 Release Notes and the RDR User Guide.

 

Documentation Enhancements

  • This release includes changes to the Back Office API Reference Guide:
    • All message samples were replaced with up to date messages.
    • Editorial changes were made to improve readability and the user experience.
  • This release includes an updated RSA Interface v3.2 User Guide, containing updated information for RSA Interface v3.2.

 

Technical Impact of New Features

Technical Impact of Support for Merchant Whitelisting Requests

  • The Policy Management application includes a new Merchant Details fact: IssuerWhitelistStatus
  • The RSA Interface v3.2 includes these new data elements to support merchant whitelisting requests:

     

    RSA Interface MessageDate Element
    getCardInfo RequestWhitelistStatus
    WhitelistStatusSource
    getCardInfo ResponseWhitelistStatus

     

Technical Impact of Mastercard Message Extension Support

The Policy Management application contains three new facts for transactions using the MasterCard Message Extension with the ID: A000000004-merchantData.

The Policy Management application includes these new facts:

Fact CategoryFact Name
Merchant Details FactsAcquirer Country
Merchant Fraud Rate
Transaction Details FactsSecure Corporate Payment
 

Technical Impact of RSA Interface v3.2 Support for 3DS Requestor Initiated (3RI) Authentication

These new data elements are now included in the RSA Interface v3.2 to support for 3RI authentication. For more information about these elements, see the RSA Interface v3.2 User Guide.

 

RSA Interface MessageModification
getCardInfo RequestNew TransactionType: ThreeRI Based (2.0)

New data elements added:

  • threeDSRequestorChallengeInd
  • messageCategory
fetchAvailableAliases RequestNew TransactionType: ThreeRI Based (2.0)

New data elements added:

  • threeDSRequestorDecReqInd
  • threeDSRequestorDecMaxTime

 

Technical Impact of New Data Elements Added to the RSA Interface

These new data elements are now included in the fetchAvailableAliases request:

  • ruleID
  • ruleName

For more information, see the RSA Interface v3.2 User Guide.

 

For additional documentation, downloads, and more, visit the RSA Adaptive Authentication for eCommerce page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes