> Anonymization using 3D Secure > ------------------------------------ > > Would it be possible using 3D Secure that you used a single > Issuer PAN and then did local transfers from the actual user's > account to the master account? > > Anders >
Do you mean that the cardholder would enter a generic, issuer specific, number that would initiate the 3-D Secure dialogue into which they would enter their individual card? While, in theory, this should be possible (although it breaks a few rules in the DS and the ACS standards), the merchant will still have to know the card number to process the authorisation. In theory, the merchant could use the generic card details at authorisation time and the issuer could track the actual card holder using the CAVV/UCAF value supplied. Unfortunately, these values are not passed through a settlement time so there would have to be another way to ensure that the cardholders account was debited and the merchant credited, possibly using the auth code generated. One of the problems with this scenario would be the times when the acquiring bank (or the scheme) perform the auth themselves (because the cannot contact the issuer). In this case there would be no way to tie the "dummy" card number to a real one. Note: The above discussion on auth and settlement is based around the APACS standards as used in the UK, not sure about the ISO standards. -- Regards Dave
