- Home >
-
- Existing customers >
-
- Internet authentication >
- Technical Info
- Internet authentication >
-
- Existing customers >
-
Technical Info
This section provides a block diagram view of the different components of authentication.
Authentication uses the 3D-Secure Protocol to process authentication requests between cardholder, card issuer, your website and our hosted service. It is useful to understand how the components communicate.
Click here for a diagram showing the Product/Merchant Management cycle.
The BMS Hosted Authentication Service will perform the following:
- Store local cache of the DS bin ranges
- Interface with DS on your behalf for verifying card enrolment
- Verify signature of the PAReq you receive from the issuer
You will be using the SDK to integrate with your application. The SDK enables your application to be authentication aware. The SDK communicates with the BMS Hosted Authentication Service for all the functions such as verifying card enrolment, creating PAReq message and verifying PAReq signature.
| Component | Description |
|---|---|
| SDK | The SDK is hosted on your web servers and communicates directly with our hosted Merchant Service. |
| BMS Hosted Merchant Service | This receives authentication requests from your SDK and communicates with the relevant scheme directory to perform authentication. We will maintain audit records on this service and will ensure compliance with scheme rules. |
| Directory Server (DS) | This is maintained by the card schemes (Visa and MasterCard) and provides details of the relevant issuer ACS for a given card number. The Directory Server can also determine if an issuer is participating in authentication and it may also determine whether an "attempts" response can be returned. |
| Access Control Server (ACS) | The ACS is run by (or on behalf of) the card issuer. It performs two basic functions. It communicates to your SDK to confirm whether a card number can be authenticated, and then controls the authentication process with the cardholder. When a cardholder is authenticated, the ACS sends a digitally signed message to your SDK and will return an Issuer Authentication Value (IAV). |
| Account Holder File (AHF) | This is the database of all enrolled cardholders maintained by the card issuer. It contains all the details used to authenticate a cardholder. |
| Enrolment Server (ES) | This is the server that runs the cardholder enrolment service. It is outside of the actual payment process and can be used to enrol cardholders at any time. |
| Authentication History Server (AHS) | The AHS provides a transaction audit of all authentication request and subsequent results. Receipts of authentication requests are maintained which record details of the card, purchase amount, merchant and timestamp of authentication. AHS data is not made widely available and is only used by the card schemes in the event of arbitration. |
Information and resources to support you in using our products:
