GPayments upgrades authentication platform for CNP transactions

GPayments, the leading Australian-based authentication and payment solution company, has today announced that it has enhanced its bank-grade multi-factor authentication platform, ActiveAccess, to comply with the chip card authentication standards for card-not-present transactions.

The standards, MasterCard's Chip Authentication Program (CAP), Visa's Dynamic Passcode Authentication (DPA) and JCB's J/Smart facilitate the authentication of users when transacting online.

According to Bahram Boutorabi, GPayments' Chairman and founder: "ActiveAccess now provides a complete online authentication solution for issuing banks and service providers, to authenticate online transactions and help eradicate online fraud and identity theft." Under the CAP, DPA and J/Smart programs, a one-time password is generated when the User enters their chip card and PIN into a chip card reader. The User then enters the one-time password into their Internet application to authenticate a transaction.

With the increasing rate and sophistication of identity theft and online fraud coupled with mounting fears and uncertainty amongst users about online security, it is becoming increasingly important to secure online transactions. The implementation of EMV standard chip-card authentication solutions such as CAP, DPA and J/Smart allows EMV issuers to extend the use chip-card authentication solutions to online transaction authentication.

GPayments' ActiveAccess authentication platform provides two major authentication services:

3-D Secure authentication - an Access Control Server (ACS) for issuers supporting Verified by Visa, MasterCard SecureCode and JCB J/Secure
Two factor authentication - for the authentication of users accessing or transacting in a secure online environment

Deployment Flexibility

ActiveAccess provides a number of flexible deployment options. The solution can be deployed in-house, tightly coupling the solution with an issuers card management system. Alternatively, the solution is designed to be deployed in an outsourced service environment, reducing the cost of deployment whilst providing authentication services for a number of cards issuers.

Comprehensive Solution

ActiveAccess provides two-factor authentication services for SMS and one-time password tokens, supporting two of the leading device vendors in the banking and financial services industry, RSA and Vasco. It also provides complete user and device management capabilities, comprehensive reporting and auditing, simple integration, and a number of flexible user-device enrolment options.

As well as being a bank-grade application, the solution offers a number of innovative features such as a unique design to solve the problem of service levels and latency for SMS authentication, and the ability to share user devices amongst partner organisations, allowing issuers to generate revenue from the issuance of authentication devices.

Security Guarantee

The system has been designed for the banking industry, supporting Visa International's 3-D Secure Security Requirements for Enrollment and Access Control Servers and the Payment Card Industry Data Security Standard. In addition, system integrity and application security are assured through the utilisation of a hardware security modules for secure key storage.