# Article

You can find more knowledge about products on this site.

# What is an ACS in the 3DS Ecosystem?

In today's rapidly evolving digital landscape, online card-not-present (CNP) fraud remains a persistent challenge for financial institutions and merchants alike. **3D Secure** (3DS), particularly its modern iteration, **EMV 3-D Secure** (3DS 2.x), stands as the industry's answer to this threat. This sophisticated security protocol introduces an essential layer of authentication for online credit and debit card transactions, aiming to drastically reduce fraud while simultaneously improving the customer experience.

#### ACS in the 3DS Ecosystem

The "3D" in 3DS refers to the three interconnected domains:

- Acquirer Domain: Encompassing the merchant and their acquiring bank, which processes card payments.
- Issuer Domain: Representing the cardholder's issuing bank, responsible for the card itself.
- Interoperability Domain: The underlying infrastructure and systems that facilitate seamless communication between the acquirer and issuer during a transaction.

At the heart of the Issuer Domain lies the **Access Control Server** (ACS). This is the technology that Verestro has now secured EMVCo approval for. The ACS is the brain behind the cardholder's authentication experience, operating in real-time to assess transaction risk and, when necessary, challenge the cardholder for verification.

#### Why Choose the Verestro ACS?

Building and certifying your own ACS can take over a year and cost upwards of €100,000. **Verestro ACS provides a ready-to-use, fully certified solution that eliminates these barriers -** offering rapid deployment, reduced costs, and full compliance.

##### Core functions of Verestro ACS

- Verifying whether a card number is eligible for 3-D Secure authentication
- Determining if the consumer's device type supports 3-D Secure
- Authenticating the cardholder or confirming account information during transactions

##### Benefits of Verestro ACS

- Enhanced Customer Experience: Offer a fast, intuitive, and secure checkout process - reducing cart abandonment and improving satisfaction.
- Optimized Authentication Performance: Benefit from fast, reliable authentication flows that minimize delays and reduce failed transactions.
- Device-Agnostic Compatibility: Ensure seamless operation across all channels - web, mobile browsers, and mobile apps.
- Frictionless and Low-Friction Authentication: Support risk-based authentication and modern low-friction methods like biometrics, helping reduce step-up challenges.
- Higher Approval Rates with Lower Fraud: Improve authorization rates by up while maintaining high security standards. Reduce fraud on 3DS-enabled transactions compared to non-3DS transactions.
- Regulatory Compliance Made Easy: Stay fully aligned with evolving EMV® 3-D Secure standards and PSD2 SCA requirements - no additional development needed.
- Faster Time-to-Market: Avoid long certification cycles and heavy infrastructure costs.

##### Key Features

- EMVCo Certified
- SaaS Model: Scalable, reliable, and maintenance-free
- Simple API Integration: Fast time-to-market
- Powerful Admin Panel
- Browse and review authentication events in detail
- Manage challenge screens and user flows via a flexible UI builder
- Define custom rules with a highly configurable Rule Engine
- Dashboard providing insights and key statistics at a glance


##### Authentication Flows

**Frictionless Flow**

- The cardholder is authenticated without any additional input, based on a real-time risk assessment using data such as transaction history, device information, and behavioral analytics.
- *Best for low-risk transactions* – no user disruption.

**Challenge Flow**

- The cardholder is required to complete a step-up authentication, such as entering a one-time passcode (OTP) or using biometrics.
- Used for higher-risk or non-recognized transactions.

**3RI (Three Requestor Initiated)**

- Authentication initiated by the merchant or payment service provider without the cardholder actively being involved (e.g., for subscriptions or card-on-file payments).
- Enables secure recurring or delayed transactions.

**SPC (Secure Payment Confirmation)**

A new flow supported by some browsers (notably in the EU), using WebAuthn and device biometrics to allow strong customer authentication in a streamlined, secure manner.

Combines strong security with an excellent user experience.

##### Authentication methods

- One-time passcode (OTP) sent via SMS
- Out-of-band verification through a mobile app
- Decoupled authentication
- Biometric authentication
- Other methods supported by EMV® 3-D Secure 2.3.1 and EMV® 3-D Secure 2.2.0

##### Device Channels

- App-based
- Browser-based

##### Regulatory Compliance

**Verestro ACS is fully compliant with major standards and certifications**, including:

- EMV® 3-D Secure 2.3.1
- EMV® 3-D Secure 2.2.0
- PCI-DSS
- PCI 3DS

Verestro is excited to continue empowering the future of payments by providing our clients with the cutting-edge technology - Access Control Server. This milestone reinforces Verestro's position as a trusted innovator, dedicated to making online transactions safer, smarter, and more seamless for everyone. If you are interested in our solution, don't hesitate to [**contact us**](https://www.verestro.com/).

# Multi-acquiring in eCommerce Payments

#### Acceptance of eCommerce payments 

When you are thinking of starting acceptance of **eCommerce payments** via cards or other payment methods, you should definitely consider a long term strategy and a **multi-acquiring** scenario.

The starting point for any merchant, marketplace or other digital platform is the way you are going to charge users on the Internet. Normally, you are thinking of choosing an acquirer like Stripe, Adyen or local providers from your country. Let’s think of strategic implications.

#### Strategic implications

Assuming you have one acquiring partner at a time and you customize your platform to their requirement you are actually building a very strong dependency on this partner. Very often you will ask this acquirer to provide **Card-on-File** functionalities, cards of your users will be stored by this acquiring partner. Sometimes the acquirer will have features that support easier transaction conversion but they will be hosted on the partner side to avoid **PCI DSS** requirements and costs. By implementing such functionalities that will be good for your users and UX, you are actually becoming more and more dependent on your acquiring partner. It means that your negotiating power is going down and the cost of transaction processing will grow.

The bigger your business is, the bigger the problem is. What is the solution to such a situation?

#### Multi-acquiring

It is called multi-acquiring. You should choose a **technology platform**, compliant with **PCI DSS requirements** that can integrate with **multiple acquirers** globally so that you are not dependent on a single acquirer but have a technical platform which enables switching transactions from one acquirer to another one.

Such a platform should enable [**tokenization**](https://www.verestro.com/card-tokenization "Card Tokenization") of cards and transactions, should take all PCI DSS problems from your shoulders, and should be integrated with multiple acquirers from the moment of start. Thanks to it, you can switch **VISA** transactions through one acquirer, **Mastercard** through another one. You can use one acquirer on Mondays and another one on Fridays. You can switch transactions done in Europe with one acquirer and performed by users from America with another acquirer.

It gives you flexibility. It improves conversion rates. It gives you the opportunity to negotiate transaction fees regularly. It does not increase costs on your side as you have multiple partners integrated to the platform which means that you do not need to cover all costs of integration yourself.

Multi-acquiring is a very powerful tool for developing your eCommerce business.

Thanks for reading.

# How to increase approval rates in eCommerce?

Many merchants, especially in high risk area, face the problem of **low approval rates**. There are situations where 20-40% of transactions are declined. This is a real issue as it means a concrete loss of sales opportunity. In this article we will explain how it is possible to increase approval rates by using a [**multi-acquiring**](https://www.verestro.com/post/level-up-your-payment-processing-multi-acquiring-for-e-commerce) approach.

A standard **eCommerce merchant** signs a contract with one acquirer and enables users to use various ways of payment with this acquirer or **[payment gateway](https://www.verestro.com/online-payment-gateway)**. This leads to the situation that the merchant is dependent on this acquirer and the choice of choosing payment methods is usually on the customer's side. It also means that there is no way to use active management of a payment method depending on transaction and user behavior.

Main reasons of declines are the following:

- 05 - Generic decline (do not honor, transaction not allowed ...) - around 30-40% of cases. It is possible to optimize acceptance by using another acquirer, changing payment methods etc.
- 51 - Insufficient funds - around 20-30% of declines. In such case the only way to improve approval rate is offering loan to customer, kind of Buy Now Pay Later solution
- 14, N7 - Incorrect number/account, wrong CVC - 10% of declines - requires good UX for data improvement
- 41 - Lost/Stolen card - 10% of declines
- 54 - Expired card - possibility to use automatic upgrade of card data in database
- and a few other reasons

Improvements in approval rates will appear once you start managing this situation by storing user and payment data, learning user and transactional behavior, and proposing to users such methods which are best suited for him. It requires that you build or use a **card-on-file system** or even "payment-on-file system" that is independent from your main acquirer and you start actively proposing and testing payment methods to your customers.

When you learn that a particular payment method does not work, your gateway should propose an additional method of payment, especially using **tokens** and local payment methods which can improve approval rates a lot.

Once you (or your partner like **[<span style="color: #000000;">Verestro</span>](https://www.verestro.com/)**) store payment methods, you can automatically update the user payment method data to avoid reasons of an incorrect number, wrong CVC, expired card. By using **[tokenization](https://www.verestro.com/card-tokenization)** and wallet solutions you can also improve approval rates substantially.

Contact us if you want to go into details of this process.

# Payment service providers as eCommerce payment aggregators

In the digital age, where online shopping has become everyday life for millions of consumers around the world, eCommerce payments play a key role in shaping the shopping experience. Convenience and security are factors that influence purchasing decisions, and technological innovations make the payment process more and more complex and diverse.

#### ECommerce payment - what is it?

ECommerce payments are financial transactions carried out over the Internet that allow users to purchase for their shopping online. They include various payment methods such as:

- **Credit and debit cards -** the most popular payment method. It involves providing your payment card (e.g. Visa or Mastercard) details in the payment form issued by the payment gateway.  
    [![image.png](https://developer.verestro.com/uploads/images/gallery/2024-11/scaled-1680-/Qsnimage.png)](https://developer.verestro.com/uploads/images/gallery/2024-11/Qsnimage.png)
- **Electronic wallets** - services such as Apple Pay or Google Pay where card tokens generated for a specific card are returned to make a payment.  
    [![image.png](https://developer.verestro.com/uploads/images/gallery/2024-11/scaled-1680-/ZYRimage.png)](https://developer.verestro.com/uploads/images/gallery/2024-11/ZYRimage.png)  
    [![image.png](https://developer.verestro.com/uploads/images/gallery/2024-11/scaled-1680-/Wpaimage.png)](https://developer.verestro.com/uploads/images/gallery/2024-11/Wpaimage.png)
- **Open banking** - direct transfers from your bank account.  
    [![image.png](https://developer.verestro.com/uploads/images/gallery/2024-11/scaled-1680-/waJimage.png)](https://developer.verestro.com/uploads/images/gallery/2024-11/waJimage.png)
- **Crypto** - an increasingly popular method, although less common. This is a way of making transactions in which digital currencies based on blockchain technology are used instead of traditional fiat currency (such as dollars, euros or zlotys), e.g. Bitcoin, Ethereum, Litecoin or Ripple

ECommerce payments place a strong emphasis on security and convenience to meet the needs of both sellers and consumers. Additionally, they often involve various security systems, such as SSL, to protect users' personal and financial information and to   
prevent them from frauds.

As this field develops, more and more eCommerce payment methods are being created, and therefore there is a need for entities to aggregate available payment options in one place and allow them to manage sensitive card data in the name of the merchants that are not PCI DSS compliant. Such an entity is the [**<span style="color: rgb(0, 0, 0);">Verestro Paytool</span>**](https://developer.verestro.com/books/paytool), a payment gateway and a payment service provider that supports above mentioned payment methods such as credit and debit cards, payment with Google Pay and Apple Pay wallets and payment using the BLIK code.

#### How does it work?

1. **Selection of goods or services**
    - The customer selects the products or services he or she wants to buy and adds them to a shopping cart on the online store's website.
2. **Moving to checkout**
    - After completing the purchase, the customer goes to the “checkout” section, where he or she enters his/her contact information, shipping address and chooses a payment method.
3. **Choosing a payment method**
    - Online stores offer various payment methods, such as: Credit or debit card payments (Visa, Mastercard, etc.). 
        - **Credit and debit cards -** the most popular payment method. It involves providing your payment card details in the payment form issued by the payment gateway.
        - **Electronic wallets** - services such as Apple Pay or Google Pay where card tokens generated for a specific card are returned to make a payment.
        - **Open banking** - direct transfers from your bank account.
        - **Crypto** - an increasingly popular method, although less common.
4. **Payment authorization**
    - Depending on the payment method selected, the authorization process can be carried out in different ways: 
        - **Card payment:** the customer enters the card data (number, expiration date, CVV code) and approves the transaction. The payment system (e.g. Stripe, PayPal) then sends the data to the bank for authorization.
        - **Online transfer:** the system redirects the customer to his/her bank's website, where he/she logs into his/her account and approves the transfer.
        - **Electronic wallet:** after selecting a payment method, the customer logs into his/her wallet (e.g. PayPal), where he/she approves the payment.
5. **Transaction security**
    - Transactions are usually secured with encryption protocols, such as SSL (Secure Socket Layer), to prevent third parties from intercepting payment data.
    - In addition, some payment methods (such as card payments) require identity verification, such as 3D Secure, which is an additional verification step (such as an SMS code or approval in a bank app).
6. **Transfer of funds**
    - After a successful payment, the funds are transferred to the seller's account. Transaction processing time may vary depending on the payment method selected.

#### ECommerce payment flow using the Paytool payment service provider

The first step of each transaction always takes place in a merchant's application. Such an application is usually integrated with the various payment gateways (payment service providers) such as the Verestro Paytool. Choosing to pay using a particular payment service provider redirects the payer to the PSP's web view, where all payment methods offered by the PSP are listed. The view of such a use case from the end user's perspective has been shown below.

<table border="0" id="bkmrk-%C2%A0-%C2%A0" style="border-collapse: collapse; width: 100%; height: 29.7969px; border-style: hidden;"><tbody><tr style="height: 29.7969px;"><td style="width: 50%; height: 29.7969px;">[![image-1687851731553.png](https://developer.verestro.com/uploads/images/gallery/2023-06/scaled-1680-/image-1687851731553.png)](https://developer.verestro.com/uploads/images/gallery/2023-06/image-1687851731553.png)

</td><td style="width: 50%; height: 29.7969px;">[![image-1713956541731.png](https://developer.verestro.com/uploads/images/gallery/2024-04/scaled-1680-/image-1713956541731.png)](https://developer.verestro.com/uploads/images/gallery/2024-04/image-1713956541731.png)

</td></tr></tbody></table>

At the level of the view of the list with all available payment methods, the payment service provider - in this case the Verestro Paytool - is already responsible for the entire transaction. Regardless of which eCommerce payment method the payer chooses, the payment service provider must enable the payer to write out the card data or retrieve it from the mobile wallet (e.g. Google Pay, Apple Pay or Click to Pay), check the correctness of the data, perform payer and their card authentication (e.g. 3D Secure) or finally perform the transaction itself and inform the merchant and the payer about transaction final status.

[![diagram artcile paytool.drawio.png](https://developer.verestro.com/uploads/images/gallery/2024-12/scaled-1680-/diagram-artcile-paytool-drawio.png)](https://developer.verestro.com/uploads/images/gallery/2024-12/diagram-artcile-paytool-drawio.png)

#### How to integrate with the Verestro Paytool?

Leverage our quick and easy integration! Here you'll find instructions on how to integrate the Verestro Paytool solution: [How to integrate | Verestro Developer Zone](https://developer.verestro.com/books/paytool/page/how-to-integrate). Before using this solution, you must complete the onboarding process and create an account in the Verestro Paytool system.

If you are interested in Verestro's payment gateway, visit our [website](http://www.verestro.com/) and contact us.

[Jakub Kotyński](https://www.linkedin.com/in/jakub-1kotynski/)

# Direct Debit Payments from eWallet in eCommerce Environment

<span lang="EN-US">There is a new payment scenario appearing in the eCommerce landscape – payments directly from a wallet account. Let me describe this use case in this article. </span>

<span lang="EN-US">Let’s imagine you are a merchant or a marketplace where multiple users are using cards or various local payment methods for payments. It is obvious that Merchant Fee becomes an important cost factor in your business. Sometimes you pay 1%, but sometimes it can go up to 2-3-5%. There are several ways of limiting this cost – like [**multi-acquiring**](https://developer.verestro.com/books/knowledge-center/page/multi-acquiring-in-ecommerce-payments) described in another article, but one of the interesting ways of doing so is to create a wallet account with an IBAN for the user at the moment of transaction and enable him/her to make a banking transfer in order to charge this account later. </span>

<span lang="EN-US">This process can work in the following way:</span>

<span lang="EN-US">1. </span><span lang="EN-US">User chooses a product to purchase</span>

<span lang="EN-US">2. Merchant informs the user that they will receive a 0.5% discount if they pay by banking transfer</span>

<span lang="EN-US">3. </span><span lang="EN-US">User confirms payment and gets an IBAN</span>

<span lang="EN-US">4. </span><span lang="EN-US">User transfers money to the IBAN</span>

<span lang="EN-US">5. </span><span lang="EN-US">Merchant charges this account</span>

<span lang="EN-US">This process can be very useful as after making this transaction it is more likely that the user will repeat this payment process in the next transaction. Thanks to this the merchant can limit their acquiring fees because eventual transaction costs are moved to the user who is initiating a banking transfer in this case. In many countries, a local banking transfer or SEPA transfers are for free, so the users do not have obstacles and can use this payment method any time they come back to the merchant. </span>

<span lang="EN-US">In the case of marketplaces, this IBAN can also be used for merchants registered at a marketplace to process a transaction in and out in an effective way. </span>

<span lang="EN-US">Please contact us if you are interested in similar use cases. </span>