No subject
Richard Guy Briggs
rgb at conscoop.ottawa.on.ca
Tue Dec 4 06:05:19 EST 2001
On Tue, Dec 04, 2001 at 03:32:04PM +0800, Enzo Michelangeli wrote:
> Actually, the authentication is not performed by Visa, but by the issuer
> (the member bank that has issued the card). Visa only manages a directory
> server where the merchant's plugin looks up the first six digits of the card
> number (a.k.a. the "issuer BIN") and finds the URL of the "Issuer
> Authentication Control Server". The merchant plugin then redirects the
> buyer's browser to that server, which in turn authenticates the buyer in any
> way it deems fit (normally, a password or PIN). Visa, merchant and acquiring
> bank are all out of the authentication loop: the process only involves
> issuer and cardholder.
>
> If the authentication is successful, the Issuer ACS certifies the card
> number (basically, signing it) and redirects the browser to the merchant's
> plugin, which verifies the issuer's signature (through a Visa-issued root
> cert) and proceeds. Only then it the transaction submitted for
> authorization.
So if I understand this correctly, if I am running a client, for which
there is no plugin, I am screwed? This seems pretty limiting.
> Enzo
slainte mhath, RGB
--
Richard Guy Briggs -- ~\ Auto-Free Ottawa! Canada
<www.TriColour.net> -- \@ @ <www.flora.org/afo/>
No Internet Wiretapping! -- _\\/\%___\\/\% Vote! -- <Green.ca>
<www.FreeSWAN.org>_______GTVS6#790__(*)_______(*)(*)_______<www.Marillion.com>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list