top of page

Unlock Seamless Security: Verestro Access Control Server in 3D Secure 2.0

Updated: Jul 18

In the fast-paced world of digital commerce, online fraud remains a significant concern for businesses and financial institutions. Fortunately, a powerful solution exists to combat this threat while enhancing the customer experience: 3D Secure (3DS). Verestro is proud to announce its EMVCo-approved Access Control Server (ACS), a game-changer in the fight against card-not-present (CNP) fraud.


Table of Contents:



ACS IN 3DS 2.0

What is an ACS in the 3DS Ecosystem?


To understand the crucial role of an Access Control Server, it's essential to grasp the "3D" in 3D Secure, which refers to three interconnected domains:


  • Acquirer Domain: This domain includes the merchant and their acquiring bank, which handles the processing of card payments.

  • Issuer Domain: This represents the cardholder's issuing bank, the institution that issued the credit or debit card.

  • Interoperability Domain: This is the underlying infrastructure that ensures smooth communication between the acquirer and issuer during a transaction.


At the very core of the Issuer Domain is the Access Control Server (ACS). This is the sophisticated technology that Verestro has secured EMVCo approval for. The ACS acts as the central intelligence for the cardholder's authentication journey. It operates in real-time, meticulously assessing the risk associated with each transaction and, when necessary, prompting the cardholder for additional verification.


Why Choose the Verestro Access Control Server in 3D Secure 2.0?


Building and certifying your own ACS can be a daunting and expensive endeavor, often taking over a year and costing upwards of €100,000. The Verestro ACS eliminates these significant hurdles by providing a ready-to-use, fully certified solution. This translates to:


  • Rapid Deployment: Get up and running quickly, without lengthy development cycles.

  • Reduced Costs: Avoid the substantial investment required for in-house development and certification.

  • Full Compliance: Rest assured knowing you're fully aligned with evolving EMV® 3-D Secure standards and PSD2 SCA requirements.


Core Functions of the Verestro ACS:


The Verestro ACS is designed to handle critical aspects of 3DS authentication:


  • Verifying whether a card number is eligible for 3-D Secure authentication.

  • Determining if the consumer's device type supports 3-D Secure.

  • Authenticating the cardholder or confirming account information during transactions.


The Benefits of Partnering with Verestro for Your Security Needs


Our ACS solution offers a multitude of advantages for businesses and financial institutions:


  • Enhanced Customer Experience: Provide a fast, intuitive, and secure checkout process, leading to reduced cart abandonment and improved customer satisfaction.

  • Optimized Authentication Performance: Benefit from swift, reliable authentication flows that minimize delays and reduce failed transactions.

  • Device-Agnostic Compatibility: Ensure seamless operation across all channels, including web, mobile browsers, and mobile apps.

  • Frictionless and Low-Friction Authentication: Support risk-based authentication and modern, low-friction methods like biometrics, reducing the need for step-up challenges.

  • Higher Approval Rates with Lower Fraud: Improve authorization rates while maintaining high security standards. Significantly reduce fraud on 3DS-enabled transactions compared to non-3DS transactions.

  • Regulatory Compliance Made Easy: Stay fully aligned with evolving EMV® 3-D Secure standards and PSD2 SCA requirements – no additional development needed.

  • Faster Time-to-Market: Avoid long certification cycles and heavy infrastructure costs, getting your solution live quicker.


Key Features of the Verestro ACS


The Verestro ACS is packed with features designed for efficiency and control:


  • EMVCo Certified: Peace of mind with industry-standard certification.

  • SaaS Model: Enjoy a scalable, reliable, and maintenance-free solution.

  • Simple API Integration: Fast time-to-market thanks to easy integration.

  • Powerful Admin Panel:

    • Browse and review authentication events in detail.

    • Manage challenge screens and user flows via a flexible UI builder.

    • Define custom rules with a highly configurable Rule Engine.

    • Dashboard providing insights and key statistics at a glance.


Understanding Authentication Flows


The Verestro ACS supports various authentication flows to optimize the user experience and security:


  • Frictionless Flow: The cardholder is authenticated without any additional input, based on a real-time risk assessment using data such as transaction history, device information, and behavioral analytics. This is best for low-risk transactions, causing no user disruption.

  • Challenge Flow: The cardholder is required to complete a step-up authentication, such as entering a one-time passcode (OTP) or using biometrics. This is used for higher-risk or non-recognized transactions.

  • 3RI (Three Requestor Initiated): Authentication initiated by the merchant or payment service provider without the cardholder actively being involved (e.g., for subscriptions or card-on-file payments). This enables secure recurring or delayed transactions.

  • SPC (Secure Payment Confirmation): A new flow supported by some browsers (notably in the EU), using WebAuthn and device biometrics to allow strong customer authentication in a streamlined, secure manner. This combines strong security with an excellent user experience.


Diverse Authentication Methods


Our ACS supports a wide range of authentication methods to cater to different needs and preferences:


  • One-time passcode (OTP) sent via SMS

  • Out-of-band verification through a mobile app

  • Decoupled authentication

  • Biometric authentication

  • Other methods supported by EMV® 3-D Secure 2.3.1 and EMV® 3-D Secure 2.2.0


Comprehensive Device Channels


The Verestro ACS ensures seamless operation across all major device channels:


  • App-based

  • Browser-based


Unwavering Regulatory Compliance


Verestro's Access Control Server is fully compliant with major standards and certifications, ensuring your operations meet the highest industry benchmarks:


  • EMV® 3-D Secure 2.3.1

  • EMV® 3-D Secure 2.2.0

  • PCI-DSS

  • PCI 3DS


Verestro is excited to continue empowering the future of payments by providing our clients with this cutting-edge technology – the Access Control Server. This milestone reinforces Verestro's position as a trusted innovator, dedicated to making online transactions safer, smarter, and more seamless for everyone. If you are interested in our solution, don't hesitate to contact us.

Frame 3517oan.jpg

Interested in Fintech-as-a-Service? Discover how we can help you.

bottom of page