1. Authentication and Payments 27 June 2000 Ann Terwilliger Product Director eCommerce Authentication Visa International

2. Visa ConfidentialGF609DC. 2 2 Authenticated Payment Objective To bring the same level of acceptance, trust and convenience to internet payments as we have in the face-to-face world where merchants are provided a payment guarantee and cardholders feel confident to use their Visa card for payment.

3. Visa ConfidentialGF609DC. 3 3 3 Background  Internet is a key delivery channel for products and services  Secure Electronic Transaction (SET) protocol developed to address issues for payment on the Internet  Global adoption of SET is slower than anticipated  Dispute problems begin to surface – Secure eCommerce Initiative is high priority.  Authenticated Payment Program focuses on identifying buyer and seller  Additional ‘easy to implement’ payment authentication solutions needed now  Three Domain Model developed to provide framework

4. Visa ConfidentialGF609DC. 4 4 Three Domain Model Business Requirements  Provide non-repudiation  Issuer can manage its own risk  Must reduce fraud through some form of enhanced cardholder authentication  Market adoption, efficient, easy to implement, cost- effective  Convenient and simple for consumer and merchants  Quick time to market  Global interoperability - both business and technology

5. Visa ConfidentialGF609DC. 5 5 5 Three Domain Model MERCHANT Authentication and payment messages Internet Issuer Domain Interoperability Domain Acquirer Domain ACQUIRER ISSUER Issuer authenticates CH using Issuer specified technique Payment and authentication processing

6. Visa ConfidentialGF609DC. 6 6 6 Issuer Domain Issuer authenticates CH using Issuer specified technique ISSUER Issuer determines: Method to authenticate CH Distributed vs Centralized Access channels/devices Products supported Branding and interface Differentiation between Issuers Can be Issuer and/or vendor specific

7. Visa ConfidentialGF609DC. 7 7 7 Acquirer Domain MERCHANT Acquirer Domain ACQUIRER Acquirer specified payment and authentication processing Acquirer determines: Method to authenticate merchant Distributed vs Centralized Method to process payments Payment options supported Pricing/value added services Differentiation between Acquirers Can be Acquirer and/or vendor specific

8. Visa ConfidentialGF609DC. 8 8 8 Interoperability Domain Authentication and payment messages Internet Provides: Common method to authenticate parties Common payment messages General payment methods Does not provide: Differentiation among FIs Differentiation among vendor solutions Defines interface between the Issuer and Acquirer domains

9. Visa ConfidentialGF609DC. 9 9 9 Interoperability Solution MERCHANT New Solution Mutually supported authentication and payment messages Internet Issuer Domain Interoperability Domain Acquirer Domain Enrollment & Authentication Visa CA Visa Directory SET Server Wallet (optional) Payment Systems New Solution SET (optional) Others (optional) ACQUIRER SET (optional) Others (optional)

10. Visa ConfidentialGF609DC. 10 10 Summary  Authentication is an important component of Secure eCommerce  Initial authenticated payment solutions were largely technology driven and complex to implement -- global adoption very slow  Characteristics of ‘successful’ authentication solution:  Market driven vs. technology pushed  Not require a specific form of authentication for the consumer  Easy to implement – not complex  No specialized software required for consumer  Platform/delivery channel independent - portable  Software interoperability