access control server letter of approval

With online payments, there is never enough precaution when it comes to fraud. There is no version too many of the security protocols when it comes to protecting payment data. That is why the first version of 3-D Secure was designed to increase consumer confidence towards online payments and entice the growth of e-commerce.

Now EMV 3-D Secure apart from the being the better version of its previous self, also enables non-payment authentication, for example, when users enter their card details into a mobile wallet.

Where does the Access Control Server fit in?

The letter-number combination 3-D, contrary to the popular association, does not refer to three dimensions but to the three domains involved in a secure payment online: the bank issuing the card, the bank of the merchant to which payment is to be made, and the interoperability domain provided by the credit card organisation supporting the 3-D Secure protocol.

onlineshopping 2.png

Access Control Server is one of the key protocol elements. It is within the issuing domain but communicates with the Interoperability domain and Acquirer domain. 3DS Server is within the acquiring domain, and the Payment schemes are within the interoperability domain.

ACS basically manages the authentication process for cardholders. When a cardholder makes a purchase request, the merchant initiates the ACS authentication process. The ACS then communicates directly with the cardholder to authenticate his/her identity (challenge flow) or silently authenticates the cardholder using Risk-Based-Authentication (frictionless flow). During the process, ACS communicates with the Payments schemes and Payment gateway/3DS Server where it sends the authentication requests and in return receives responses.

And what about us?

We are proud to announce that Mercury Processing Services International successfully passed the EMVCo testing and received their Letter of Approval for our Access Control Server 2.0. In addition, we are highly ranked among early adopters of this advanced payment service, according to the official EMVco list of the certificate holders. Up to now, we have already had more than 1300 successful tests done.


The benefits of using the new protocol and within it ACS are plentiful, for all the parties involved. Because of the risk-based authentication, out of all authentications in 3DS 2.0, only 5% of them will be challenged, as the card schemes’ announced.

Introducing this solution means an increase in online purchases through cardholder confidence, reduction in operational expenses and chargeback handling costs as well as enabling a wide choice of authentication methods. Our solution also supports voluminous requests over time, is flexible and customizable, user-friendly and proven because after all, we are operating on an in-house developed ACS solution from 2005.

All in all, for merchants, the major benefit of the upgraded security protocol is that it protects their customers from the threat of payment fraud which in turn builds trust. 

Therefore, cardholders will more likely engage in higher transaction values as their level of confidence is increased.