ACS In 3-D Secure 1 Versus
3-D Secure 2

Posted on

The emergence of 3-D Secure as a viable solution to limitations of credit card and debit card transactions has come to the fore with the release of its second version. Here, we will highlight the importance of ACS in the original version of the security system as well as discuss the improvements available in the second version.

What Is Access Control System (ACS)?

An Access Control System is a security system that takes into account a wide array of details available in its database when managing the authorized accessibility to a facility, environment or network. Therefore, only individuals who are able to submit legitimate credentials that match the information on the system’s database can access the network. This is particularly useful as a security system for online credit card transactions.

Apparently, we have witnessed its effectiveness in the 3D Secure Version 1.0, which is an XML-based protocol for the second layer of protection for credit card transactions on e-commerce sites. The payment security system paved the way for a trust-enabled ecosystem that has influenced the recent growth of e-commerce. 3D Secure 1 relies on the inputs from the three entities/domains that are involved in credit card transactions: the issuer of the card, the bank of the retailer/merchant and the credit card company utilizing the security protocol.

How Does ACS Work In 3D Secure 1?

The ACS is one of the interoperability domains, which the 3-D Secure Version 1.0 depends on for transaction authentication. As mentioned earlier, the security protocol involves inputs from the card issuer and this is made possible by using ACS to verify the status of the card as well as authenticating the transaction. In order words, the ACS serve as a system which allows card issuers ascertain the availability of 3D secure authentication for the card, as well as authenticating the credentials of the cardholder, whenever he or she is trying to make a transaction.

In the original version, cardholders would need to provide correct usernames and passwords so as to authenticate the legitimacy of their access. Afterwards, the signature is sent to the Merchant Plug-In (MPI) domain for further verifications.

Issues With ACS In The 3-D Secure Version 1.0

Although the 3-D Secure Version 1.0 has shown exceptional results in involving the card issuer in transaction authentications, issues like the unavailability of a user-friendly interface in the mobile browser continue to limit the effectiveness of the security system. For a cardholder to activate the security service, he/she needs to enter his/her bank details in a pop-up window. However, the inability of mobile browsers to accommodate the pop-up has proved to be an issue for the 3-D Secure Version 1.0.

Also, the possibility that cybercriminals can hijack the pop-windows since it is impossible to verify the source is another limitation plaguing the security protocol.

How Has ACS Improved On The 3-D Secure Version 2.0?

Owing to the fact that ACS plays a major role in the viability of 3-D Secure, it is only befitting that its latest upgrade tackles the above-mentioned issues. As such, the 3-D Secure Version 2.0 also known as EMV 3DS beefs up authentication by adopting biometric and token-based identity verification. This is a stark contrast to the static username and password only available on the previous version. Hence, the availability of more data for the ACS facilitates risk-based authentication while bolstering the importance of inputs from card issuers.  

Regarding the issue of users’ experience, the 3-D Secure Version 2.0 bypasses the initial sign up process in order to create a user-friendly and frictionless credit card transaction authentication system.


ACS continues to serve as the system that highlights the significance of verification inputs from card issuers in the latest version of 3-D Secure. This coupled with the fact the version solves lingering issues regarding user’s experience gives it an edge over the previous version.