With the proliferation of online payments, new security threats are surfacing on a daily basis. Since card-present transaction security has improved significantly with the implementation of chip-based transaction authentication measures, fraudsters are now targeting card-not-present environments. Recognizing the need to standardize next generation payment security for card-not-present transactions, EMVCo has released the next version of the three-domain-secure specification [3DS 2.0] to extend its support to new payment channels such as tablets and smartphones, while reducing friction and improving user experience.

RS Software has developed a unique 3DS2.0 Test Simulator platform based on the 3DS 2.0 standard which enables our customers to test different components of the entire 3DS 2.0 ecosystem such as Access Control Server (ACS), Directory Server (DS), 3DS Requestor, and 3DS Client using the service virtualization technique.

RS Software has successfully implemented the simulator for a leading Japan-based payment service provider for their new ACS system currently being developed following the EMVCo 3DS 2.0 specification.

RS Software’s in-depth expertise on payment security and 3DSecure that were utilized on this engagement stems from the following experiences:

• RS has worked with the world’s leading global payment network to develop 3D Secure 1.0
• We worked with multiple payment institutions to develop hosted payment solutions based on microservice architecture; through these engagements we have developed proficiency in payment security and transaction risk evaluation
• Our proprietary RS Test2Pay™ product framework was created for the simulation of payment services as per the EMVCo specification

As an outcome of the above assets, RS Software has created a technology framework for 3DS 2.0 environment simulation which can simulate all 3DS 2.0 components as defined by EMVCo as well as act as a Sandbox to help development of interfacing components.

1. General

• a. Architected to support high volume of transactions
• b. Built on a multi-tenant model to support multiple users simultaneously
• c. Designed to test multiple instances of the 3DS 2.0 component with a single test instance of the simulator
• d. Capable of driving large batches of transactions to test system throughput to desired TPS [e.g. 100 TPS]
• e. Components can be configured to modify message data element content at the user level

2. User Management

• a. Role based authentication
• b. Manage user (add / update )

3. Test Setup

• a. Manage Test Cards
• b. Manage simulated Test Devices (iOS / Android / Windows)
• c. Configure message elements for testing
• d. Configure AUT (Application Under Test) details
• e. Export / Import User Configuration

4. Test Management with an integrated 3DS Test Scenario repository

• a. Manage (Add / Update / Delete) Test Scenarios
• b. Execute Test Scenarios (single and multiple)
• c. Test Result history
• d. Export / Import of Test Scenarios

5. Test Execution

• a. Execution of adhoc scenarios
• b. Execution of pre-defined scenarios
• c. Display of test results at the message level in an integrated JSON editor for better understanding
• d. Download test results

6. Automated Execution

• a. Execute Multiple Test Scenarios
• b. Execute Load Testing

The base product was customized for our customer to address:

• 1. Customer environment related changes
• 2. Customer implementation of ‘Message Encryption’ and ‘Key Pair Generation’
• 3. Device Data generation requirement (outside simulator automation)

The entire deployment service provided to the customer includes:

• 1. Setting up production environment (Linux) – This does not include hardware configuration and software requirement provided in advance to our customer
• 2. Deployment of 3DS 2.0 Test Simulator in production environment
• 3. Integration of 3DS 2.0 Test Simulator with customer ACS system
• 4. Post deployment support

Given below is the scope of this particular deployment of the Simulator with respect to EMVCo 3DS 2.0 specifications: