Joel, I agree that the server MPI approach is a good one. When you say zero installation I assume that you refer to components, servers, and certificates because at least there must be a secure direct (using shared secret) of a shoppingcart to the server-MPI, and likely also a secure success return so that the merchant knows that they payment part etc. is ok and it is just shipping that remains.
Anders ----- Original Message ----- From: "Joel Hockey" <[EMAIL PROTECTED]> To: "internet-payments" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 08, 2002 09:17 Subject: RE: VBV - 3D Secure hosted service for merchants/acquirers Hi Amol, I don't want to use this forum to try and push any commercial products and talk about pricing etc, but I do think that people would be interested in understanding the different technologies of vbv and I would be interested in hearing from group members on this subject. As you have pointed out and as the Visa functional requirements spec also mentions (http://www.international.visa.com/fb/paytech/secure/pdfs/3DS_70003-01_FR_Me rchant_Server_Plug-in_v1.0.pdf section 2.4) there are multiple implementation options for an MPI. It may be a stand-alone software component that each merchant must install, or it may be a server MPI that can be run by an acquirer or PSP. My personal opinion is that the server model provides a lot of benefits to merchants and acquirers. A server MPI product can provide * zero installation requirements * simpler integration * no operational concerns * integrated commerce support * future proofing for different schemes Whilst none of these are really 'technical' advantages, they are certainly important. A server model can also prevent what I would label a merchant-in-the-middle attack where a merchant can obtain the cardholder's password by intercepting all traffic between the cardholder and the ACS. Does anyone else have an opinion on the merits of either model? Joel > -----Original Message----- > From: Amol Natu [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 3:56 PM > To: internet-payments; [EMAIL PROTECTED] > Cc: Joel Hockey > Subject: RE: VBV - 3D Secure hosted service for merchants/acquirers > > > Joel > > Thanks for the info. What is the kindof charging model does > QSI Payments > have for such a hosted service to merchants/acquirers ? Is > this published > some place ? Are you aware of similar implementations else-where ? > > Yaron, > Probably 'ibiz-software' only has a product version of the > MPI. I could not > find any information talking of a hosted version. > > Cheers > Amol > > >
