US 11,704,632 B2
Computer transaction security with delegated decisions
Ritesh Gadewar, San Ramon, CA (US); Hariharan Venkatachalam, Dublin, CA (US); Radha Krishna Thakkalapally, Pleasanton, CA (US); and Tory Hebert, New Iberia, LA (US)
Assigned to Marqeta, Inc., Oakland, CA (US)
Filed by Marqeta, Inc., Oakland, CA (US)
Filed on Dec. 17, 2020, as Appl. No. 17/125,033.
Prior Publication US 2022/0198408 A1, Jun. 23, 2022
Int. Cl. G06Q 20/02 (2012.01); H04L 9/40 (2022.01); G06F 9/54 (2006.01); G06Q 20/40 (2012.01); G06Q 20/34 (2012.01); G06Q 20/38 (2012.01); G06Q 20/12 (2012.01)
CPC G06Q 20/02 (2013.01) [G06F 9/54 (2013.01); G06Q 20/12 (2013.01); G06Q 20/351 (2013.01); G06Q 20/354 (2013.01); G06Q 20/385 (2013.01); G06Q 20/388 (2013.01); G06Q 20/405 (2013.01); G06Q 20/40145 (2013.01); H04L 63/0838 (2013.01); H04L 63/0861 (2013.01)]
15 Claims
1. A computer-implemented method for authenticating e-commerce transactions, the computer-implemented method comprising, by one or more computer devices of an access control server computer comprising a 3-D Secure (3DS) service provider that perform operations including:
receiving, from a payment network computer corresponding to a payment network, a first authentication request message among a plurality of authentication request messages that are concurrently processed to authenticate a transaction associated with a digital electronic payment account, wherein the transaction is initiated by a merchant computer in an acquirer domain;
validating the first authentication request message according to a first portion of a 3-D Secure authorization protocol;
determining that an issuer domain computer has configured, at the access control server computer, a decision function for delegating a second portion of the 3-D Secure authorization protocol to the issuer domain computer, wherein the issuer domain computer is a non-certified or non-compliant 3-D Secure service provider, and wherein the second portion of the 3-D Secure authorization protocol relates to determining a 3DS challenge decision corresponding to the transaction, and wherein the access control server computer provides the issuer domain computer and the payment network with a limited period of time to determine the 3DS challenge decision and respond with a determination;
in response to determining that the issuer domain computer has configured the decision function at the access control server computer, transmitting, to the issuer domain computer, a decision request message for the second portion of the 3-D Secure authorization protocol and information associated with the transaction, the decision request message requesting the issuer domain computer to determine an action for authenticating the transaction based on (1) the information associated with the transaction, (2) one or more programmatic rules implemented by the issuer domain computer, and (3) data associated with the digital electronic payment account that is stored locally by the issuer domain computer that is not 3DS certified or 3DS compliant, the transmitting occurring in lieu of the access control server computer executing the second portion of the 3-D Secure authorization protocol decision function at the access control server computer;
receiving, in response to the decision request message, an indication for an action for authenticating the transaction based on the decision request message sent to the issuer domain computer, the indicated action being to challenge the transaction;
transmitting, in response to receiving the indication for the action, a challenge message to the payment network computer to notify the payment network computer that the transaction is being challenged; and
executing the indicated action to authenticate the transaction by:
transmitting a second authentication request message to a payment application running on a user computer associated with the digital electronic payment account, the payment application having been used to initiate the transaction, the second authentication request message requesting the payment application to authenticate the transaction based on biometric sensors of the user computer;
receiving, from the payment application, an API call comprising a payload verification value specifying that a user associated with the user computer has been authenticated based on the biometric sensors in response to the second authentication request message; and
transmitting, in real-time to the issuer domain computer and the payment network, an authentication response message specifying that the transaction is authenticated.
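An added sketch of the delegation step in claim 1, not code from the patent or from the assignee: the access control server keeps validation for itself, hands the challenge decision to an issuer-configured function, and enforces the limited response window. The field names, the action vocabulary, the 0.2 s deadline, the decline on failed validation and the fall back to a challenge on a timeout, an error or a malformed reply are all assumptions; the claim does not state them.

```python
import concurrent.futures as cf
import time

ALLOWED_ACTIONS = {"challenge", "approve", "decline"}  # assumed action vocabulary
FALLBACK_ACTION = "challenge"                          # assumed fail-safe, not in the claim
_pool = cf.ThreadPoolExecutor(max_workers=8)           # requests are processed concurrently

def validate_areq(areq):
    """First portion: structural checks the ACS performs itself (assumed fields)."""
    required = ("txn_id", "issuer_id", "account_ref", "amount_minor")
    return all(k in areq for k in required) and isinstance(areq["amount_minor"], int) and areq["amount_minor"] > 0

def acs_default_decision(areq):
    """Decision the ACS runs locally when no delegate is configured (toy rule)."""
    return "challenge" if areq["amount_minor"] >= 10_000 else "approve"

def decide(areq, decision_fns, deadline_s=0.2):
    """Return (action, source) for one authentication request."""
    if not validate_areq(areq):
        return "decline", "acs-validation"
    delegate = decision_fns.get(areq["issuer_id"])
    if delegate is None:
        return acs_default_decision(areq), "acs"
    # Second portion is delegated: the issuer applies its own rules and local data.
    future = _pool.submit(delegate, dict(areq))
    try:
        action = future.result(timeout=deadline_s)   # the limited period of time
    except cf.TimeoutError:
        return FALLBACK_ACTION, "fallback-timeout"   # a late answer is ignored
    except Exception:
        return FALLBACK_ACTION, "fallback-error"
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return FALLBACK_ACTION, "fallback-invalid"   # never trust the reply's shape
    return action, "issuer"

# Constructed issuer-side decision functions (hypothetical rules and local data).
ISSUER_LOCAL_RISK = {"acct-001": "high", "acct-002": "low"}

def issuer_rules(txn):
    return "challenge" if ISSUER_LOCAL_RISK.get(txn["account_ref"]) == "high" else "approve"

def issuer_slow(txn):
    time.sleep(0.5)                                  # misses the 0.2 s window
    return "approve"

def issuer_bad(txn):
    return {"action": "approve", "skip_auth": True}  # not a recognised action

DECISION_FNS = {"iss-a": issuer_rules, "iss-slow": issuer_slow, "iss-bad": issuer_bad}
```

Recording the `source` value alongside each action lets an operator see how often an issuer's delegate misses the window or returns a reply the server had to discard.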