Request a quote

+49 6196 7873 745 Callback service
VAT (value added tax) reduction: In the performance period from 1st July to 31st December 2020, we will reduce the VAT from 19% to 16% for you.

Strong customer authentication (SCA)

Glossary

Our service for you: a glossary of the most important terms to do with SCA implementation

Acquirer

Company that concludes acceptance agreements with merchants for the acceptance of international credit and debit cards and that takes over the entire processing of payments (from technical processing through to transferring the sales to the merchant).

Acquirer bin

The acquirer bin is a unique reference of the credit card organisations assigned to the acquirer.

Acquirer country code

The acquirer country code is a fixed value and should always contain ‘276’ for the authentication of Concardis customers, and it appears in all GICC authorisation requests.

Acquirer merchant ID

The acquirer merchant ID describes the ID which the acquirer has allocated to the merchant.

Authentication request

An authentication request is always exchanged between the authentication system of the card issuer and the authentication system of the payment service provider (PSP), and it serves to verify the authenticity of the cardholder.

Authorisation request

An authorisation request is always exchanged between the authorisation system of the card issuer and the processing system of the acquirer. It checks the availability of the requested amount on the card of the cardholder.

API

The application programming interface (API) describes the usually proprietary transfer method (interface) of messages between the two different IT systems.

EMV 3DS challenge flow

EMV 3DS challenge flow describes the process in which the cardholder is required to authenticate themselves. If the challenge flow is successfully completed, the liability for a payment transaction authenticated using the EMV 3DS challenge flow is transferred from the merchant to the card issuer.

EMV 3DS protocol

The EMV 3DS protocol was implemented by the card organisations and aids the exchange of authentication requests between the authentication components of the card issuer and those of the PSPs.

EMV 3DS server

The EMV 3DS server is a software component required for the EMV 3DS2 authentication process and it takes over central tasks related to authentication. It is generally operated by a payment service provider.

EMV 3DS SDK

The EMV 3DS service development kit (SDK) is a software component that enables merchants to initiate and carry out authentication processes directly from the merchant’s own app. Functions of the EMV 3DS protocol are processed in the SDK.

GICC

The General ISO 8583 Credit Card (GICC) protocol is a protocol for processing cashless payments, primarily credit card payments. It is based on ISO 8583 and is used in Germany in particular.

The acquiring host of Concardis currently supports the newest version 5.4 of GICC.

Hosting

Hosting is a process through which software components are operated on IT infrastructures that are not owned by the company. In the context of SCA, the EMV 3DS server is often operated by a payment service provider in the form of hosting

Implementation

Implementation is defined as the process through which software components are created and transitioned to operation.

KAAI

Key accounts authorisation interface (KAAI) is an authorisation protocol commonly used in the payment industry and, unlike GICC, it can work without terminal IDs.
The acquiring host of Concardis currently supports the newest version 3.3 of KAAI.

Merchant category code

The merchant category code (MCC) is a numerical value provided by the credit card organisations that identifies the type of business operated by the merchant. It is indicated by the acquirer for every payment transaction.

Merchant name

The merchant name is determined by Concardis when a new contract is created. New merchants who do not use the Concardis e-commerce solution (Payengine) are informed of this name immediately after it is created because it must be presented to the authenticating entity (generally the PSP of the merchant).

Migration period

The migration period is, strictly speaking, merely a grace period during which BaFin allows its customers (acquirers and card issuers) to delay implementation of the SCA Directive – which entered into force on 14 September 2019 – until 31 December 2020. However, this effects exclusively e-commerce transactions.

MIT

Merchant-initiated transactions (MIT) are payment transactions which are not subject to the SCA obligation. They are initiated by the merchant without the cardholder being present. However, these payment transactions must always refer to a previous transaction that underwent complete SCA. In general, an MIT is therefore a payment transaction that can be connected to previously stored and authenticated payment transactions, e.g. via a customer account with the merchant.

PSP

A payment service provider (PSP) is a company that offers merchants the use of various payment types. The payment gateway operated by the PSP routes the payment transactions, depending on the payment method selected, to the payment network that processes these payments.

PSD2

The Payment Service Directive (PSD) is the new payment directive for electronic and cashless payments in the European Economic Area (EEA). The objective is to ensure greater transparency and security in online payment processes and to promote innovation.