Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • SafeKey Merchant FAQ Global

    Încărcat de

    Zeeshan Qureshi
    116 vizualizări1 pagină
    asdf

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    asdf

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    116 vizualizări1 pagină

    SafeKey Merchant FAQ Global

    Încărcat de

    Zeeshan Qureshi
    asdf

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 1

    MERCHANT FAQ

    Q1: How can a Merchant begin enrollment, certification and


    testing for American Express SafeKey?

    Q5: Will Merchant Terms and Conditions require changes to


    support the American Express SafeKey programme?

    Merchants will be able to enroll and collect test results from testing
    in the SafeKey programme by visiting the SafeKey enrollment portal
    amexsafekey.com. Alternatively Merchants can contact their
    Payment Service Provider or visit amexsafekey.com.

    Yes, the Terms and Conditions for American Express Card Acceptance
    may be amended or re-issued to enable the Fraud Liability Shift.
    Q6: What is the definition of an attempted transaction?

    Depending on the processing model, varying levels of technical


    development may be required to support the integration of
    American Express SafeKey. Merchants should consider costs
    incurred from internal technical development and external linkages
    with third parties.

    An American Express SafeKey authentication attempt occurs when a


    Merchant requests to authenticate the Cardmember but the
    Cardmember or Issuer has not been enrolled in the SafeKey
    programme, and both the Merchant and Issuer are in SafeKey
    designated markets. In this scenario, valid authentication data [e.g.
    American Express Verification Value (AEVV) and Electronic
    Commerce Indicator (ECI)] value will be required in the Authorisation
    and Submission messages as evidence of the attempt.

    Q3: Can SafeKey be turned off by the Merchant after


    implementation?

    Q7: Will a participating Merchant obtain a Fraud Liability Shift on


    all Internet transactions?

    Technically, SafeKey can be switched off by the Merchant. However,


    please note that the intention of SafeKey is to reduce instances of
    online card fraud. As such, American Express does not recommend
    turning off SafeKey at any time in accordance with guidelines.

    No. Merchants can only obtain FLS on fully authenticated SafeKey


    charges. For non-authenticated SafeKey charges, or standard ecommerce charges, the standard Card Not Present card acceptance
    policy applies and the Merchant is liable if the Cardmember later
    disputes the charge.

    Q2: What is the estimated development effort for a Merchant


    choosing to implement American Express SafeKey?

    Q4: How is a Card authenticated and authorised when both


    the Merchant and Cardmember are enrolled in American
    Express SafeKey?
    (i)

    During checkout, the Cardmember inputs their payment


    method as American Express and provides the Card number.

    (ii)

    The Merchant Plug-in (MPI) component running at the


    Merchant will communicate with the American Express
    Directory Server to determine if the American Express Card is
    enrolled in American Express SafeKey.

    (iii)

    The American Express Directory Server will communicate with


    the Card Issuer to determine if the Card is enrolled in the
    service.

    (iv)

    The Issuer will respond with a status of Y if the Card is


    enrolled, along with a URL where the Cardmember needs to
    be sent for authentication (the Authentication Site).

    (v)

    The Merchant application will automatically redirect the


    Cardmember to the Authentication Site.

    (vi)

    At the Authentication Site, the Issuer will display the password


    page where the Cardmember will input the password. The
    Issuer will send a response to the Merchant with the
    authentication result. For security, the message will be
    digitally signed.

    (vii) The MPI will validate the signature and advise the Merchant of
    the authentication result.

    Q8: Where can a Merchant obtain Authorisation and Submission


    specifications for American Express SafeKey?
    The most up-to-date global Merchant technical specifications can be
    found at americanexpress.com/merchantspecs. For additional
    information on which market standard specifications currently support
    American Express SafeKey, Merchants may contact their American
    Express Client Manager or their Payment Service Provider (PSP).
    Q9: Who should a Merchant contact for additional information?
    For additional details, Merchants can contact their PSP or visit the
    American Express SafeKey website amexsafekey.com.
    Q10: What criteria must be satisfied for a Merchant to qualify for
    the Fraud Liability Shift?
    In order to be eligible for the Fraud Liability Shift a Merchant must:

    Use all other American Express online fraud prevention tools


    available in their market, and
    Utilize SafeKey, and
    Maintain a Fraud-to-Gross (FTG) level of 1% or less for all SafeKey
    transactions.

    In the UK, for example, this would mean the Merchant would need to
    participate in AVS and collect/send the Printed Card Security Code
    (PCSC) in addition to utilizing SafeKey and maintaining the appropriate
    FTG level.

    (viii) The Merchant can approve or decline the transaction based


    on the authentication result.

    Page | 1 of 1
    November 2012

    2012 American Express All Rights Reserved

    Merchant FAQs

    S-ar putea să vă placă și