No subject

Richard Guy Briggs rgb at
Tue Dec 4 06:05:19 EST 2001

On Tue, Dec 04, 2001 at 03:32:04PM +0800, Enzo Michelangeli wrote:
> Actually, the authentication is not performed by Visa, but by the issuer
> (the member bank that has issued the card). Visa only manages a directory
> server where the merchant's plugin looks up the first six digits of the card
> number (a.k.a. the "issuer BIN") and finds the URL of the "Issuer
> Authentication Control Server". The merchant plugin then redirects the
> buyer's browser to that server, which in turn authenticates the buyer in any
> way it deems fit (normally, a password or PIN). Visa, merchant and acquiring
> bank are all out of the authentication loop: the process only involves
> issuer and cardholder.
> If the authentication is successful, the Issuer ACS certifies the card
> number (basically, signing it) and redirects the browser to the merchant's
> plugin, which verifies the issuer's signature (through a Visa-issued root
> cert) and proceeds. Only then it the transaction submitted for
> authorization.

So if I understand this correctly, if I am running a client, for which
there is no plugin, I am screwed?  This seems pretty limiting.

> Enzo

	slainte mhath, RGB

Richard Guy Briggs           --    ~\                 Auto-Free Ottawa! Canada
<>            --    \@       @           <>
No Internet Wiretapping!        --   _\\/\%___\\/\%        Vote! -- <>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list