Merchant Plug-In
Encyclopedia
A Merchant plug-in is a software module designed to facilitate 3D-Secure verifications to help prevent credit card fraud
. The MPI identifies the account number and queries card issuer (Visa, MasterCard
, or JCB International) servers to determine if it is enrolled in a 3D-Secure program and returns the web site address of the issuer access control server (ACS) if it is found. Merchants are responsible for installing an SSL/TLS
MPI at their servers.
Each card issuer is required to maintain an ACS used to support cardholder authentication. A customer authenticates to this ACS by providing their username and password
and the ACS signs
the result (success or failure). This signature is then passed through the customer's browser and to the MPI. The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction.
Commercial MPI software is available from a number of merchants.
Credit card fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also...
. The MPI identifies the account number and queries card issuer (Visa, MasterCard
MasterCard
Mastercard Incorporated or MasterCard Worldwide is an American multinational financial services corporation with its headquarters in the MasterCard International Global Headquarters, Purchase, Harrison, New York, United States...
, or JCB International) servers to determine if it is enrolled in a 3D-Secure program and returns the web site address of the issuer access control server (ACS) if it is found. Merchants are responsible for installing an SSL/TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
MPI at their servers.
Each card issuer is required to maintain an ACS used to support cardholder authentication. A customer authenticates to this ACS by providing their username and password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
and the ACS signs
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
the result (success or failure). This signature is then passed through the customer's browser and to the MPI. The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction.
Commercial MPI software is available from a number of merchants.