What is Integrated Mobile Secure (IMS)?

Infinitium Integrated Mobile Secure (IMS) is a payment server product designed for issuing banks. It enables them to provide comprehensive payment verification and authentication for their Card-Not-Present (CNP) transactions.

Authentication for payments, especially CNP payments such as e-commerce and MOTO (Mail Order Telephone Order), is one of the main challenges facing the payment industry. It affects every party in the ecosystem: acquiring bank, merchant, issuing bank and cardholder.

The 3D Secure framework is widely recognized as the standard for verification and authentication under Visa's VbV and MasterCard's SecureCode programs, which were introduced largely to address the e-commerce channel.

The Infinitium IMS solution is designed as an extension of the 3D Secure framework that enhances the verification and authentication process with a mobile extension. Key benefits include:

Two-factor dynamic authentication to address phishing, Trojans, man-in-the-middle and keyboard-logging attacks.
Stronger security control with dynamic password, one-time password or mobile signature.
Eliminates the need for the customer to register and remember a static password.
Real-time fraud notification and reporting by the cardholder.
Can be extended to more channels such as MOTO and EDC terminals.
Alternative solution for pre-EMV and pre-PIN roll-out.

The key highlights of IMS are its capability to extend the 3D framework to other payment channels, notably MOTO transactions, and the elimination of the static password through two-factor dynamic authentication, which is in line with the direction of many security policies set by central bank governing agencies.

Features and Functionalities


Ease of Implementation
Infinitium IMS provides a “ready to go” hosted solution model in which all the infrastructure is ready for deployment. This minimizes time to market and eliminates the need to manage the system and its maintenance functions.
Elimination of Static Password
One of the most significant enhancements with IMS is the ability to eliminate the static password. The cardholder does not need to register or remember any password. The challenge of forgetting and resetting the password is also eliminated.
Enrolment and Registration Process
Enrolment and registration have always been the Achilles' heel of 3D deployment for the issuer because of their complexity and customer participation issues. With IMS, the issuer can proceed with mass enrolment without requiring further “action” from the cardholder. With this flexibility and simplicity, 3D Secure adoption will be successful.
Transaction Filtering
The issuer may opt to configure and activate the Transaction Filtering feature, which can bypass the IMS authentication process for transactions that fulfil certain criteria and are deemed low risk.
Fraud Notification
Every time a credit card is used in a CNP scenario, IMS sends an authentication message to the cardholder's mobile device. The cardholder can report a fraudulent transaction in real time if they suspect that their card has been compromised. IMS can trigger the bank host to temporarily suspend the card in such an event. This helps the bank to further minimize fraud and chargebacks.
Full Compliance
Infinitium IMS is developed with full compliance with payment standards in mind. IMS supports both Visa's 3D Secure and MasterCard's SPA-UCAF standards. Infinitium IMS fully complies with PCI-DSS. In addition, Infinitium's strong in-house R&D team and innovative support ensure that the product stays relevant in today's dynamic world.
Enhanced Security with Dynamic Authentication
IMS enhances standard customer authentication protocols such as Visa's 3D Secure and MasterCard's SPA-UCAF with additional processes via the IMS adaptor. IMS offers two-factor “out of band” authentication via mobile devices, eliminating the threats of phishing, Trojans, man-in-the-middle attacks and keyboard logging. Infinitium IMS also supports a wide range of authentication methods, giving the issuer the flexibility to pick and choose the authentication methods that suit market demand. Some of the possible authentication methods include:



IMS Authentication Processing

1 The cardholder initiates a payment request.
2 The merchant submits the transaction request to the acquiring bank.
3 The acquiring bank's MPI queries the Visa/Master directory to find out whether the credit card number participates in IMS. If the card participates in IMS, the Visa/Master directory sends the MPI a URL for accessing IMS.
4 The MPI sends an authentication request to IMS via the cardholder's browser.
5 IMS sends an authentication request to the cardholder.
6 The cardholder authenticates the payment request.
7 IMS returns the authentication result to the MPI.
8 If authentication succeeds, the MPI notifies the acquirer to proceed with payment authorization.
9 The acquirer bank communicates with the issuer bank for payment authorization.
10 The payment status is updated to the merchant.
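
The issuer-side part of the flow above (steps 3 to 8), as an added example that is not Infinitium's code or the IMS API: a one-time code sent out of band is bound to one transaction, expires, is single use and is locked after repeated wrong guesses. The class and function names, the 180-second validity window, the three-attempt limit and the card and phone numbers are assumptions made for illustration.

```python
import hmac
import secrets

OTP_TTL_SECONDS = 180   # assumed validity window
MAX_ATTEMPTS = 3        # assumed retry limit


class IssuerAuthServer:
    """Hypothetical issuer-side server for steps 3 to 7 (not the IMS API)."""

    def __init__(self, enrolled):
        self.enrolled = enrolled   # card number -> mobile number
        self.pending = {}          # transaction id -> challenge state
        self.outbox = []           # constructed stand-in for the SMS channel

    def is_enrolled(self, card):
        # Step 3: the directory asks whether the card participates.
        return card in self.enrolled

    def challenge(self, txn_id, card, merchant, amount, now):
        # Steps 4-5: issue a code tied to this transaction only, and tell
        # the cardholder which merchant and amount they are approving.
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[txn_id] = {"otp": otp, "expires": now + OTP_TTL_SECONDS, "tries": 0}
        self.outbox.append({"to": self.enrolled[card], "merchant": merchant,
                            "amount": amount, "otp": otp})

    def verify(self, txn_id, otp, now):
        # Steps 6-7: True only for the right code, in time, within the limit.
        state = self.pending.get(txn_id)
        if state is None:
            return False                      # unknown or already used
        state["tries"] += 1
        if now > state["expires"] or state["tries"] > MAX_ATTEMPTS:
            del self.pending[txn_id]          # expired or locked out
            return False
        if hmac.compare_digest(state["otp"].encode(), otp.encode()):
            del self.pending[txn_id]          # single use: a replay fails
            return True
        return False


def mpi_decision(server, txn_id, card, otp, now):
    # Step 8: the MPI lets the acquirer proceed only after success.
    if not server.is_enrolled(card):
        return "not-enrolled"
    return "proceed" if server.verify(txn_id, otp, now) else "decline"
```
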


Hosted Infrastructure Diagram

Sample Screenshot of IMS

Sample screen on mobile phone when requesting digital from card holder. When a cardholder calls in, the customer service agent searches by the cardholder's card number for detailed information. Customer service agents are allowed to edit the status, mobile number and authentication type.
Sample screen of the statistics page, displayed by issuing card brand. The totals of incomplete, successful, failed and unavailable authentications are displayed here.
Sample screen of Incoming Authentication. Customer service agents can search and filter the Authentication Attempt, Authentication Statistic, Incoming Verification and Registration Attempt reports.
Sample Screen Shot of Various Authentication Methods

Sample screen on web browser when requesting mobile authentication from the cardholder
Sample screen on mobile phone when requesting a mobile signature from the cardholder
Sample screen on web browser when requesting the user to enter a one-time password - SMS Push B
Sample screen on web browser when requesting the cardholder to reply with a one-time password through mobile phone - SMS Push A
Sample screen on web browser when requesting the user to enter a one-time password - OTP Dongle A
Reply with a one-time password generated by dongle through mobile phone - OTP Dongle B