eSec SSL Interface Verified by Visa & MasterCard SecureCode Flowchart

Merchants signed up with the Verified by Visa or MasterCard SecureCode anti-fraud schemes may utilise eSec's implementation of the systems with the SSL Interface product. The flow of data using this interface is depicted in the flowchart below. Items on the left shown in "browser windows" are the web pages which will be visible to the customer during the process.

1. The merchant's payment page posts variables to eSec as described in the SSL Interface developer's guide.
2. eSec communicates with Visa or MasterCard (depending on the card type used) to determine if the merchant and/or the card have been enrolled in the scheme.
3. If the card is enrolled, the customer is presented with the issuing bank's password entry page. This displays the bank's logo, the cardholder's "Personal Message" and the password field. The customer enters their password and submits the form.
   If the cardholder is not enrolled for VbV or SecureCode, processing continues as normal (from step 6) and the issuer's page is never displayed.
4. The card issuer makes its own connection to Visa or MasterCard and checks whether the correct password was entered by the customer. The result of this authentication is posted back to eSec.
5. If the password was not authenticated, eSec will NOT process the financial transaction, and the customer will be redirected to the merchant's failure page.
6. The financial transaction is processed as normal, and the customer is redirected to the merchant's success or failure page, as required.