RSA Announces the Upcoming Release of Adaptive Authentication for eCommerce 20.6
Summary: RSA Adaptive Authentication for eCommerce is a comprehensive authentication and fraud detection solution for the eCommerce market. The solution is based on the 3DSecure protocol (Visa Secure and Mastercard Identity Check) and is powered by risk-based authentication, an intelligent system that authenticates a user by measuring a series of risk indicators. Transparent authentication provides a user-experience in which a customer is only challenged in high-risk scenarios.
What’s New in Adaptive Authentication for eCommerce 20.6
Adaptive Authentication for eCommerce 20.6 includes these enhancements and new features:
Certification for EMV 3DS Protocol
Adaptive Authentication for eCommerce is certified by Amex for the EMV 3DS 2.1 protocol, and Visa for the EMV 3DS 2.2 protocol.
Decoupled authentication allows customers to authenticate the cardholder separately from the 3D Secure workflow and the cardholder's interaction with the merchant, within a specified time frame. Based on the EMV 3DS 2.2 protocol, in some cases, decoupled authentication can result in a transaction that begins one business day and extends into the next business day, with a limit of up to seven days.
In Adaptive Authentication for eCommerce 20.6, the RSA Interface v3.2 sends customers decoupled authentication notifications in real-time, when a decoupled authentication challenge takes place. The challenge can be active for up to 7 days from the start of the transaction.
When a decoupled authentication challenge is a required, Adaptive Authentication for eCommerce uses a polling mechanism to check for the authentication result. Polling is more frequent near the start time of the transaction and takes place less frequently as time progresses.
The extended timeline for decoupled authentication transactions can affect reporting and transaction data for certain transactions. RDRs now include all transactions that were completed on the previous day, based on the end time of the transaction, as opposed to the start time of the transaction.
Support for Merchant Whitelisting Requests
In this release, Adaptive Authentication for eCommerce enables merchant whitelisting requests.
Based on the EMV 3DS 2.2 protocol, the status of the merchant’s whitelist request for this cardholder is included in the authentication request. Adaptive Authentication for eCommerce passes this value to the customer in data elements included in the RSA Interface v3.2.
The customer can decide how to proceed with the whitelist status sent in the request. Based on customer policies, an updated issuer whitelist status is sent back through the RSA Interface v3.2, and that value is placed in a new Policy Management fact, which can then be used to create corresponding rules.
Adaptive Authentication for eCommerce 20.6 enables the use of Mastercard message extensions for EMV 3DS 2.1 and 2.2 transactions. Mastercard message extensions allow you to use additional elements relevant for PSD2 SCA as recognized by Mastercard, in addition to leveraging selected features of the EMV 3DS 2.2 protocol that will be available in addition to EMV 3DS 2.1 elements. All the elements that are captured from the authentication request using MasterCard extensions are available in the Policy Management application. For the technical impact of this feature, see Technical Impact of Mastercard Message Extension Support.
RSA Interface v3.2
This release of Adaptive Authentication includes a new release of the RSA Interface. Version 3.2 includes these functionality enhancements:
Additional Encryption Support. This version of the RSA Interface includes support for encrypting messages using the RSA-OAEP-256 algorithm, in addition to the currently supported RSA-OAEP algorithm. For more information, see the RSA Interface v3.2 User Guide.
3DS Requestor Initiated (3RI) Authentication Support. 3RI transactions are transactions that are initiated by the merchant when the cardholder is not present in the session. 3RI transactions can be used, for example, to authenticate the cardholder, to collect a recurring payment, or when a subscription- based merchant wants to confirm that an account is still valid. 3RI transactions are supported by the EMV 3DS protocol. In EMV 3DS 2.1, 3RI non- payment transactions are supported, and in EMV 3DS 2.2, both payment and non- payment 3RI transactions are supported. For the technical impact of this feature, see Technical Impact of RSA Interface v3.2 Support for 3RI Authentication.
Adaptive Authentication for eCommerce 20.6 now includes the risk score generated by the RSA Risk Engine in NPA and 3RI transactions.
User Interface Enhancements
When a cardholder has configured only one contact method, you can display the contact information without a choice selection indicator.
This release of Adaptive Authentication for eCommerce includes inline validation of free text entered for OTP and token values in challenge screens. You can display an error message immediately on the screen if the OTP or token do not comply with formatting requirements.
Reminder: RSA Recommends Upgrading to RDR v02
In Adaptive Authentication for eCommerce 20.5, RSA introduced concurrent support for multiple RDR versions. While RDR version support allows you to incorporate the updated fields at your convenience, after implementing the necessary development changes, we recommend implementing the new RDR version before EOL to leverage the new specifications of the EMV 3D Secure protocol (3D Secure 2.0) and provide enhanced visibility into your fraud landscape.
RDR v01 will be declared End-of-Life (EOL) in August 2020.
For detailed information about the new RDRs, see the Adaptive Authentication 20.5 Release Notes and the RDR User Guide.
This release includes changes to the Back Office API Reference Guide:
All message samples were replaced with up to date messages.
Editorial changes were made to improve readability and the user experience.
This release includes an updated RSA Interface v3.2 User Guide, containing updated information for RSA Interface v3.2.
Technical Impact of New Features
Technical Impact of Support for Merchant Whitelisting Requests
The Policy Management application includes a new Merchant Details fact: IssuerWhitelistStatus
The RSA Interface v3.2 includes these new data elements to support merchant whitelisting requests:
RSA Interface Message
Technical Impact of Mastercard Message Extension Support
The Policy Management application contains three new facts for transactions using the MasterCard Message Extension with the ID: A000000004-merchantData.
The Policy Management application includes these new facts:
Merchant Details Facts
Merchant Fraud Rate
Transaction Details Facts
Secure Corporate Payment
Technical Impact of RSA Interface v3.2 Support for 3DS Requestor Initiated (3RI) Authentication
These new data elements are now included in the RSA Interface v3.2 to support for 3RI authentication. For more information about these elements, see the RSA Interface v3.2 User Guide.
RSA Interface Message
New TransactionType: ThreeRI Based (2.0)
New data elements added:
NewTransactionType:ThreeRI Based (2.0)
Technical Impact of New Data Elements Added to the RSA Interface
These new data elements are now included in the fetchAvailableAliases request:
For more information, see the RSA Interface v3.2 User Guide.