Terms and Definitions
The following definitions are intended to provide clarity on the information presented throughout this document.
- EMVCo: A global technical body owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. It facilitates worldwide interoperability and acceptance of secure payment transactions through the use of EMV specifications.
- EMV: A trademark that provides specifications for developing and implementing card-based payment products that will work together transparently and securely, creating global interoperability in the transactional framework.
- Cardholder: A person to whom a card is issued or who is authorized to use a card, which, in the context of the protocol, allows them to make e-commerce purchases.
- Issuer: A financial institution that issues payment cards and card-related services. Issuers determine cardholder eligibility to participate in 3D-Secure, providing the ranges of eligible card numbers.
- Brand: A credit card brand refers to the companies operating in the credit card market, whose cards are issued by issuing banks. Each brand offers a catalog of specific services to its customers.
- CAVV: Cardholder Authentication Verification Value, a security code associated with the information stored on the magnetic stripe of a payment card.
- 3RI: 3DS Requestor Initiated, a channel type defined by the 3D-Secure protocol through which a transaction originates. Transactions performed through this channel are intended to confirm account information without requiring the cardholder's presence. For example, a subscription-based e-commerce merchant would use this type of channel to confirm that an account remains valid. These transactions are non-payment and have no user interface.
- OTP: One Time Password (OTP) codes are single-use numeric codes used for a single transaction. They are typically sent to a cardholder via SMS on their mobile phone whenever they want to make a banking transaction.
- Server: A program that provides a special service that other programs called clients can use locally or over a network. The type of service offered depends on the server software type. The basis of communication is the client-server model, which allows tasks to be divided between resource or service providers, called servers, and requesters, called clients.
- SSL Certificate: A digital certificate that authenticates a website's identity and encrypts information sent to the server using SSL (Secure Sockets Layer) technology, enabling encrypted data transfer between a browser and a web server.
- Slug: The final part of a URL that identifies a page within a website.
- Regular Expression: Also known as regex, a sequence of characters that forms a search pattern. These expressions work as patterns and allow analysis and validation of received data strings.
- Logs: Refers to a history that sequentially records and stores, in a file or database, all events that affect a particular process.
- 3DS: An anti-fraud messaging protocol that allows consumers to authenticate themselves with their payment card issuer at the time of non-face-to-face transactions.
- ACS: Access Control Server (ACS) is the EMV® 3D-Secure protocol component that operates in the issuer domain and is responsible for authenticating the cardholder.
- Acquirer: A financial institution that establishes a contract with merchants to accept card payments. In the 3DS context, the Acquirer also has the authority to determine if a merchant is eligible to participate in the EMV® 3D-Secure protocol.
- Authentication Value: A cryptographic value generated by the ACS that can be recognized by the authorization system to validate the integrity of the authentication result. The algorithm for the Authentication Value is defined by each payment system.
- Authorization: The process by which an issuer or processor approves a payment transaction.
- Authorization System: The systems and services through which a payment system provides online payment processing, authorization, and settlement services to issuers and acquirers.
- Bank Identification Number (BIN): The first six digits of a card number.
- Certificate: An electronic document containing a public key certified or attested by a Certification Authority (CA). This certification consists of signing with the CA's private key.
- Challenge: The process through which the ACS communicates with the 3DS Client to obtain additional information through interaction with the cardholder.
- Consumer Device: The device used by the cardholder (smartphone, laptop, tablet) as a conduit to perform payment operations (authentication and purchase).
- Device channel: Indicates the channel through which the transaction is authorized. The channels are:
  - App-based (01-APP)
  - Browser-based (02-BRW)
  - 3DS Requestor Initiated (03-3RI)
- Issuer Domain: Composed of the systems and functions of the issuer and its cardholders.
- Acquirer Domain: Composed of the systems and functions of the 3DS Requestor Environment.
- Interoperability Domain: The 3DS component that facilitates information transfer between the issuer domain and acquirer domain systems.
- Luhn Algorithm: An algorithm based on modular arithmetic, which allows verification of whether a sequence of digits corresponds to a valid card number (PAN).
- Fingerprint: A fingerprint, or digital fingerprint, is all the information recorded about a computing device each time it is used. The fingerprint is a unique identifier built from data such as the browser used, operating system, and installed graphics hardware, among other data.