D-Secure electronic payment architecture and adaptive authentication for Ecommerce

Abstract

In our present days, fewer and fewer consumers want to travel to shop, through the Internet these consumers can do all their shopping without leaving their homes. This type of shopping is called e-commerce. E-Commerce is becoming a useful service for consumers, but it is also an important component in the daily activities of merchants. It allows them to reduce the costs of the customers and enterprises, and it allows them to save a lot of time, it can also offer them a lot of benefits. However, the lack of security in web-based transactions and the ease with which the privacy of online communications can be violated are the main stumbling blocks of e-commerce. Merchant online shop websites provide an easy target for attackers. The challenge is to successfully integrate effective security measures and mechanisms to protect the business from being compromised by attackers. We know that effective security is important and has become part of our daily life. There are a lot of E-commerce security strategies and mechanisms, one of them is 3D Secure protocol. Which is a messaging protocol developed by EMVCo to enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) ecommerce purchases. The additional security layer helps prevent unauthorized CNP transactions and protects the merchant from CNP exposure to fraud. The three domains consist of the merchant/acquirer domain, customer/issuer domain, and the interoperability domain. The present document aims to describe how to implement the 3D secure protocol according to the EMV standard and adapt it for the ecommerce market in Algeria, and also how to make the double authentication using SMS and EMAIL via one-time password (OTP), or other mechanisms. However, further work needs to be done to enhance the security against the growth of online transactions frauds and attacks. We hope that in the near future we can identify the cardholder without the duplicate authentication using AI (computer vision) and face recognition and without OTP and without any user interaction.