RSA Announces the Release of Adaptive Authentication for eCommerce 21.1
RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3DSecure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user experience in which a customer is challenged only in high-risk scenarios.
What’s New in Adaptive Authentication for eCommerce 21.1
RSA Adaptive Authentication for eCommerce 21.1 includes these new features, enhancements, and changes.
EMV 3DS Certification
Adaptive Authentication for eCommerce is now also certified by:
Mastercard for the EMV 3DS 2.2 protocol
Visa for expanded support of the EMV 3DS 2.2 protocol, including enhanced SCA functionality
Introducing the New Back Office Master App
Adaptive Authentication for eCommerce 21.1 includes the first stage of our brand-new Back Office Master app. In this release, the Back Office Master app includes Analytics reports with upgraded Tableau reports. In the future, additional Back Office applications will be added to the portal as each Back Office application is upgraded and enhanced. The existing Analytics application, accessible through the Policy Management application, will continue to be available to customers for a limited time until March 15th, 2021. Links to the new Back Office Master app will be communicated to customers starting on January 31, 2021.
The Back Office Master app can be accessed using Google Chrome and Microsoft Edge.
Challenge Info Label Added to SDK App Challenge Flows
A Challenge Information Label element is now included in the SDK app flow, with these default values:
On the authentication selection page, where the user chooses the authentication method if there is more than one option, the default value is: “Please select”.
On the OTP screen, where the user enters the one-time password, the default value is: “Enter your code here”.
Recently, RSA noticed a few instances of failed transactions in EMV 3DS SDK app challenge flows. Our investigation revealed that the root cause was a missing Challenge Information Label element.
This use-case is only relevant if the transaction meets all these conditions:
EMV 3DS 2.1 & 2.2 protocol
An SDK app flow
Because this occurs only in SDK app flows, the merchant’s apps are responsible for handling and presenting the label. Some merchants have implemented this label and others have not. When the label is missing, some transactions fail for early adopters whose implementations also validate that the label exists. For merchants that may not have implemented the change, we cannot be certain that their implementations refer to this label at all. To resolve this, we have added the missing label in SDK app flows.
RSA acted quickly to add this label to the data sent to merchants in the app flow, so that merchants can present it in their challenges.
To immediately keep some transactions from failing, RSA added default values for this label. The values had to reflect the potential placement of the label based on the protocol and, at the same time, take into account that some merchants have not yet implemented the label. We cannot guarantee that the label will be presented to the user in all cases in the near future. As such, the value had to be meaningful, but not unique.
If necessary, RSA will accept requests from customers to modify this label. Please contact your RSA representative if you want to change the label text.
RSA User Interface (RGI) Enhancements
To improve the transparency of RGI errors, we have expanded the internal error messaging system to increase the granularity of the information provided in the activity log.
These new values are included in the Activity Log in the Customer Service application, Back Office APIs and the RDRs:
A new Adaptive Authentication: Start 3DS 1.0 Challenge. Contact your RSA representative to enable this activity.
These additional errors are included in the RGI and can appear in addition to the existing errors.
Note: These values have been added within the existing error code ranges in the system.
3DS 1.0 Error ID
Error on the issuer's side
Invalid issuer session id
OTP generation failed on the issuer's side
Issuer could not send OTP to the cardholder
There was a problem initiating the OOB flow
There was a problem with the issuer's OOB service
Generating token value failed
Encryption failed on the issuer's side
Message Signing failed on the issuer's side
Decryption failed on the issuer's side
Signature verification failed on the issuer's side
Unexpected HTTP status received from the issuer
Timeout connecting to or sending data to the issuer
SSL connection failed
Unsupported response received by the issuer
Signature validation failed
Connection error on issuer's side
Support for Visa and Mastercard Implementations of PSD2 Exemptions
Visa and Mastercard have provided technical specifications to support PSD2 EU regulatory exemptions.
Adaptive Authentication for eCommerce 21.1 supports Secure Corporate Payments Exemptions for Visa, and Acquirer Strong Consumer Authentication for Mastercard.
If you would like to enable these exemptions, contact your RSA representative to implement any necessary changes. Implement changes to your rules and policies to ensure that you allow all transactions for which you want to provide exemptions. By definition, exemptions cannot be applied to challenged or declined transactions.
Notification of EOL for Earlier Versions of RDR Reports
In the upcoming 21.2 release of Adaptive Authentication for eCommerce in April 2021, these RDR reports will be declared EOL:
New Transactions Report v02
Failed Transactions Report v02
Activity Log Report v02
Case Details Report v01
Back Office Enhancement
In the Policy Management application, there is a new list type: Browser Language. You can create a list using this list type.