RSA Announces the Release of Adaptive Authentication for eCommerce 20.7
Summary: RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3DSecure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user-experience in which a customer is only challenged in high-risk scenarios.
What’s New in Adaptive Authentication for eCommerce 20.7
Adaptive Authentication for eCommerce 20.7 includes these enhancements and new features:
User Interface Enhancements
Adaptive Authentication for eCommerce 20.7 includes improved EMV 3DS browser-based challenge authentication screens. The information on the screens is displayed more clearly for an improved user experience.
Display aliases are presented more clearly. Depending on the number of available aliases, the alias is either displayed without a selection, with radio buttons, or in a drop down list.
More dynamic and responsive interface elements, such as scroll bars for longer texts and instructional text in input fields.
Button text can be in both upper and lower case.
All browsers and device types are now supported.
Note: No text has been modified. The only changes made were usability enhancements.
These are examples of the new screens: These screens are for example purposes only to display the changes to the user experience. The actual texts are
configured individually by each customer.
New Default Bin Configuration
Adaptive Authentication for eCommerce 20.7 includes the option to define a default BIN configuration. By defining a default BIN configuration, the majority of BIN range configurations can be handled in one centralized location, and exceptions in unique BIN ranges can be configured separately. All incoming transactions, other than those configured in unique BIN ranges, are automatically handled using the default BIN configuration. If you have no customized BIN configurations, you can skip the normal BIN Load operation, and focus exclusively on the default BIN load.
In addition to reducing overhead from BIN configuration management, this feature can prevent lost transactions due to misalignment between PAN registration at the card network and at the ACS.
To enable this feature:
Contact your RSA representative to load the default BINs and to provide you with a new URL for this feature that includes the issuer name.
Contact your card network to register the BINs and to replace the RSA URL with the updated URL.
Cloning Rules in the Policy Management Application
This release includes the ability to clone an existing rule when creating new rules. This allows you to easily define several rules that are similar or to make minor changes to existing rules to fine tune the existing rule set. When you clone an existing rule, all rule details are copied other than the rule priority, which you will need to define. You can then modify the new rule as desired. The approval process for cloned rules is the same as the approval process for all new rules. For information about how to clone a rule, see the section on creating new rules in the Back Office User Guide.
Forgot Password Feature in Back Office Applications
This release includes a new forgot password feature for Back Office users. If a Back Office user has forgotten their password, they can reset their password after passing email authentication. Contact your RSA representative to enable this feature. For security reasons, you will be asked to provide the list of approved email domains for sending emails to your Back Office users. Users with an email address stored in the system will be able to use this feature.
v03 of the Activity Log RDR includes additional data elements to support this feature. For more information, see Activity Log Report and the Raw Data Reports User Guide.
New Versions of RDR Reports
Adaptive Authentication for eCommerce 20.7 includes the release of v03 of these reports:
Activity Log Report
v03 of the Activity Log report includes two additional Customer Service activity name values:
Reset Password Started
Reset Password Complete
For more information, see the Raw Data Reports User Guide.
Failed Transactions Report
In v03 of the Failed Transactions report, the Merchant Name field is 50 characters long. (In v01 and v02, this field is 25 characters).
New Transactions Report
V02 of the New Transactions report will be declared EOL six months after the 20.7 release. Please note that by this time, you must change your implementation to consume v03 of the New Transactions report. You do not have to make any other changes to your implementation to make use of the new fields.
In v03 of the New Transactions report:
The filename for the report is: TransactionsNew_V03_MMDDYY.txt
The PAReqMerchantName field is 50 characters long. (In v01 and v02, this field is 25 characters).
These additional fields are included to allow customers to utilize ACS data in their system monitoring:
The name of the rule that was triggered in the Policy Management application.
Indicates the type of 3RI request. Possible values:
Maintain Card Information
Whitelist status check
3DS Requestor Decoupled Request Indicator
Indicates if the 3DS Requestor requests that the ACS use decoupled authentication and agrees to use decoupled authentication if the ACS confirms its use. Possible values:
3DS Requestor Authentication Indicator
The type of authentication request.
Cardholder verification as part of EMV token ID&V
Value used in the RSA User Interface for the RSA Session ID.
For 3DS 1.0 transactions, this is the RSA Transaction ID.
For EMV 3DS transactions, this is the ATN.
Universally unique transaction identifier assigned by the DS to identify a single transaction.
This release includes updated security information in the Batch File Integration Guide.
Reminder: RSA Recommends Upgrading to RDR v02
In Adaptive Authentication for eCommerce 20.5, RSA introduced concurrent support for multiple RDR versions. While RDR version support allows you to incorporate the updated data elements at your convenience, after implementing the necessary development changes, we recommend implementing the new RDR version before EOL to leverage the new specifications of the EMV 3D Secure protocol (3D Secure 2.0) and provide enhanced visibility into your fraud landscape.
Note: RSA understands that the worldwide COVID-19 pandemic may have affected our customer’s implementation timelines. We have therefore delayed the End-of-Life (EOL) date for RDR v01 until October 2020.
For detailed information about the new RDRs, see the Adaptive Authentication for eCommerce 20.5 Release Notes and the Raw Data Reports User Guide.