The field of the disclosure relates generally to a method and a corresponding proxy server, system, computer-readable storage medium and computer program, and, more particularly, to an authentication method which authenticates a client party to a transaction by determining if the client is a holder of an account provided by the client to be used in the transaction.
With the proliferation of the Internet, more and more people are using e-commerce to conduct transactions. Conducting transactions over the Internet has the advantage of convenience, lower costs and mass market reach for both merchants and clients. However, the anonymity of an e-commerce transaction brings potential issues of fraud and misuse. It is beneficial for a transacting merchant to confirm if a person who initiates a remote transaction (e.g. a client) is a holder of an account which they request to be used in the transaction. It is also beneficial for the holder of the account to be informed when a transaction is initiated using his account.
There are standardized services or protocols which allow merchants to authenticate transactions thereby reducing the likelihood of fraud. Such services may be generally referred to as authentication services. One such example is the 3-D Secure™ Network service. The 3-D Secure™ Network service leverages existing Secure Socket Layer (SSL) encryption functionality and provides enhanced security through authentication of the client. A participating merchant typically subscribes to the 3-D Secure™ Network. As a subscriber to the 3-D Secure™ Network service, the participating merchant may use a piece of software called Merchant-Plug-In (MPI) to exchange messages and pass information to the card issuer to authenticate the card account to be used in the transaction. In this way, the participating merchant establishes an authentication session to confirm if the client is the rightful holder of the account. However, merchants may prefer not to subscribe to such authentication services to avoid card abandonments and improved user experience.
In view of the above, it would be desirable to authenticate a transaction without requiring the transacting merchant to first subscribe to an authentication service.