Merchant plug-in

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A merchant plug-in (MPI) is a software module designed to facilitate 3D-Secure verifications to help prevent credit card fraud.[1] The MPI identifies the account number and queries card issuer (Visa, MasterCard, or JCB International) servers to determine if it is enrolled in a 3D-Secure program and returns the web site address of the issuer access control server (ACS) if it is found.[2] Merchants are responsible for installing an SSL/TLS MPI at their servers.[3]

Each card issuer is required to maintain an ACS used to support cardholder authentication.[3] A customer authenticates to this ACS by providing their username and password and the ACS signs the result (success or failure). This signature is then passed through the customer's browser and to the MPI. The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction.[4]

Commercial MPI software is available from a number of vendors.

See also[edit]



  1. ^ "Visa USA Merchants Verified by Visa". Retrieved 2008-09-25. 
  2. ^ Bidgoli, Hossein (2004). The Internet Encyclopedia. John Wiley and Sons. ISBN 0-471-22203-8. 
  3. ^ a b Jarupunphol, Pita; Mitchell, Chris J. "MEASURING 3-D SECURE AND 3D SET AGAINST E-COMMERCE END-USER REQUIREMENTS" (PDF). Retrieved 2008-09-25. 
  4. ^ Balfe, Shane; Paterson, Kenneth G. "Augmenting Internet-based Card Not Present Transactions with Trusted Computing" (PDF). Retrieved 2008-09-25. 
  5. ^ Montague, David. "3DS-Implementation That Makes Sense". Fraud Practice. Fraud Practice. Retrieved March 18, 2013.