RE: Proposal: A replacement for 3D Secure

2002-05-28 Don Park

Do I understand correctly that the convenience provided by this proposal
basically amounts to cardholder typing in a URL instead of a card number?

- Don



Re: Proposal: A replacement for 3D Secure

2002-05-27 Sebastian Kübeck

Hi Anders,

About the proposition:

I think the main problem of 3D Secure is that
it's only an authentication mechanism and not
a payment protocol at all.
Compared to SET, the separation of authentication
mechanism and payment protocol is a huge step back.

About core technology:

It's interesting that in January, we had a similar idea.
However, we didn't think that the customer wants to remember
the issuer's domain, so we proposed a lookup mechanism
(similar to DNS) mapping the user's email address to the
domain of his/her issuing bank.

About the idea:

Great approach!

Yours,

Sebastian Kübeck

QENTA paymentsolutions  sebastian kübeck
www.qenta.com   [EMAIL PROTECTED]
tel: +43 316 81 36 81-0 fax: +43 316 81 36 81-20

Anders Rundgren wrote:
 
 Dear e-Payers,
 
 A SUCCESSOR TO 3D SECURE
 Working with state-of-the-art e-commerce solutions and standards
 based on Web Services, I see an opportunity to create a system that
 would inherit the core 3D Secure idea (the Issuer doing the actual
 payment-transaction), but among many things, offering a better
 user experience by instead of asking for credit card data, ask the
 user to input the issuer's domain name.  Like bigbank.com.
 This makes even more sense when/if cards get fully virtual, as
 then there will be no credit-cards to keep in your purse anymore,
 or for shared company-cards, as memorizing huge non-static
 numbers is much harder than just remembering the name of a bank.
 A further advantage is that almost the entire payment-process
 can GUI-wise be performed in the bank (like card selection),
 rather than by more or less arbitrary merchant-defined
 applications.
 
 THE PROPOSITION
 I'm interested in forming a vendor-neutral consortium for
 creating a 3D Secure replacement based on other principles,
 that would not only support credit-card transactions for *any*
 brand, but local account-to-account transaction-schemes as
 well.  This would make sense for both merchants, and banks, that
 probably are less than happy about the current situation, with
 solutions that are all over the map for no apparent reason, but
 the competition between different card-brands and proprietary
 payment-schemes.   A successor of 3D Secure should be neutral,
 distributed, and locally adaptable to become the norm.  OASIS-
 open is a possible place for hosting such a project.
 
 THE CORE TECHNOLOGY
 As far as I understand, 3D Secure relies on a VISA directory to
 map a PAN-code to an issuer URL, but by using Web Services,
 Web Service Discovery, and DNS SRV records, you can achieve
 the same (or actually considerably better), functionality for the
 user as described in the first section.  I.e. using DNS which is
 already globally available, and completely decentralized, seems
 like a much better idea than creating brand-specific, centrally
 maintained, one-function-directories.
 For those who are deeply into technology and want to know
 even more about the anticipated principles behind the proposed
 3D Secure replacement, the following URL shows a B2B-
 scenario, that does practically the same thing for the creation
 of purchase orders (with the exception that DNS SRV-records
 were not used):
   http://www.x-obi.com/OBI400/OBI4-sc-New-Customer-Order.doc
 I.e. you should think of the buying organization as an Issuer and
 the purchase order a signed payment transaction.  As you may note,
 the number of [server] steps is maybe double that of 3D Secure,
 but our experience with the OBI Express B2B-standard-to-be,
  (can be tested at  https://buyer.x-obi.com/BuyerASP/buyer )
 indicates that this is no longer a problem.  For the end-users things
 remain as simple as possible.
 
 BE MOBILE AS WELL
 The proposed system is targeted to be equally suitable for mobile
 e-payments as well, regardless if the mobile user performs a local
 transaction, or a remote ditto.
 
 Any thoughts on this?
 
 Regards
 Anders Rundgren
 CEO X-OBI
 
 +46 70 - 627 74 37

-- 
Kind regards,
Sebastian Kübeck

QENTA paymentsolutions  sebastian kübeck
www.qenta.com   [EMAIL PROTECTED]
tel: +43 316 81 36 81-0 fax: +43 316 81 36 81-20
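
The DNS SRV lookup described in the quoted proposal (issuer domain typed by the cardholder, resolved to the issuer's payment service), sketched as an added example that is not part of either message. The service label `_epay._tcp`, the function names and the SRV answer are assumptions constructed for illustration; the thread names no concrete service.

```python
import re

SERVICE = "_epay._tcp"  # hypothetical SRV service label (assumption, not from the thread)
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_issuer_domain(typed):
    """Accept only a bare DNS name such as 'bigbank.com': no scheme, path, port or user info."""
    name = typed.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a plain domain name: {typed!r}")
    return name

def srv_query_name(domain):
    return f"{SERVICE}.{domain}"

def pick_target(records):
    """records: (priority, weight, port, target) tuples from an SRV answer.
    Lowest priority wins (RFC 2782). Ties are broken here by highest weight,
    a deterministic simplification of RFC 2782's weighted random choice."""
    usable = [r for r in records if r[3] != "."]  # target "." means: service not offered
    if not usable:
        raise LookupError("issuer does not offer the service")
    _prio, _weight, port, target = min(usable, key=lambda r: (r[0], -r[1]))
    return target.rstrip(".").lower(), port

def issuer_endpoint(typed, records):
    domain = normalize_issuer_domain(typed)
    host, port = pick_target(records)
    # Plain DNS answers are unauthenticated, so the TLS certificate presented by
    # `host` has to be validated against the domain the cardholder typed
    # (tls_identity), not against the SRV target.
    return {"query": srv_query_name(domain), "connect": (host, port), "tls_identity": domain}

# Constructed SRV answer for the thread's example issuer, bigbank.com.
SAMPLE = [
    (20, 0, 443, "backup.bigbank.com."),
    (10, 40, 443, "pay1.bigbank.com."),
    (10, 60, 8443, "pay2.bigbank.com."),
]

if __name__ == "__main__":
    print(issuer_endpoint("BigBank.com", SAMPLE))
```

Rejecting anything but a bare domain name at input matters here because the typed value becomes both the DNS query name and the identity the merchant expects the issuer's certificate to prove.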