In the bustling world of e-commerce, the seamless flow of transactions is essential for businesses to thrive. At the heart of this process lies online payment processing, a sophisticated system comprising various components and protocols. Let's delve into the intricacies of this system to grasp its functioning and significance.
The Components of Online Payment Processing
Issuer or Issuing Bank: These are the financial institutions that issue credit or debit cards to account holders. It is responsible for validation and authentication of cardholders.
Cardholder or Customer: The individual/account holder who holds the credit or debit card issued by the financial institution. They use their cards to make online purchases of goods/services.
Acquirer: Also known as the merchant account's bank, the acquirer handles the merchant's transactions and deposits funds into their account. It also registers merchant for the card network.
Merchant or Business: The entity selling goods or services online to the customers. It accepts payments from cardholders over the purchase of their goods.They either develop their own solutions or use 3rd party solutions to accept transactions.
Card Networks: Providers like Visa and Mastercard facilitate transactions between issuers and acquirers. It is responsible for the verification of the authentication results of the issuer and communicates with the issuer(authorization request) and acquirers(responses).
The Role of Third-Party Payment Processors:
Platforms such as Stripe and RazorPay act as intermediaries between merchants and financial institutions, eliminating the need for businesses to set up individual merchant accounts. They offer easy access to card-based payments, simplifying the transaction process for online businesses.
Understanding the 3D Secure Authentication Protocol
The 3D Secure (3DS) protocol adds an extra layer of security to online transactions, reducing the risk of fraud. It involves three domains:
Issuer Domain: The issuing bank deploys an Access Control Server (ACS) to facilitate 3DS authentication. They receive, process the 3DS messages and authenticate cardholder/transaction, and authenticate cardholders/transactions.
Interoperability Domain: Card networks deploy a Directory Server (DS) containing directories of issuing the bank’s BIN(Bank Identification Number) ranges. They serve as mapping servers to issuing banks.
Acquiring Domain: This is where the payment gateway and acquiring bank reside. The Merchant Plug-In (MPI) facilitates transaction initiation and authentication.
How Payment Gateway Works: A Point-Based Overview
Card Authentication: The Merchant Plug-In (MPI) verifies the cardholder’s account number by communicating with the card network. Steps:
MPI sends a Verification Request (VEReq) to the Card Network's Directory Server (DS).
The DS responds with a Verification Response (VERes) to the MPI after processing the request.
Payer Authorization: The MPI sends requests to the Access Control Server (ACS) for authentication. Steps:
MPI initiates a Payer Authentication Request (PAReq) to the issuing bank's ACS.
The issuing bank's ACS responds with a Payer Authentication Response (PARes) to the MPI.
Upon successful authentication, an Accountholder Authentication Value (AAV) is returned.
The merchant forwards the transaction request to the acquirer, which then communicates with the issuer.
If funds are available, the issuer releases them, and a transaction code is shared with the MPI for analysis.
Capture: Authorized funds are transferred from the customer’s account to the merchant’s account. There's a time period between authorization and capture, during which the transfer doesn't occur instantaneously.
Conclusion
Online payment processing is a multifaceted system that ensures secure and efficient transactions in the digital realm. With the involvement of various stakeholders and the implementation of robust protocols like 3D Secure, businesses can confidently engage in e-commerce, offering customers a seamless payment experience while safeguarding against potential risks.
Comments