Merchant plug-in
{{Short description|Software module designed to help prevent credit card fraud}}
A merchant plug-in (MPI) is a software module designed to facilitate 3-D Secure verifications to help prevent credit card fraud.{{cite web
| url=http://usa.visa.com/merchants/payment_technologies/tech_vendors_vbv.html
| title=Visa USA Merchants Verified by Visa
| accessdate = 2008-09-25
}} The MPI identifies the account number and queries the servers of the card issuer (Visa, MasterCard, or JCB International) to determine whether the account is enrolled in a 3-D Secure program. If it is, the MPI returns the web site address of the issuer's access control server (ACS).{{cite book
| last = Bidgoli
| first = Hossein
| title = The Internet Encyclopedia
| publisher = John Wiley and Sons
| year = 2004
| isbn = 0-471-22203-8 }} Merchants are responsible for running an SSL/TLS-enabled MPI on their servers.{{cite journal
| author = Jarupunphol, Pita
|author2=Mitchell, Chris J.
| title = Measuring 3-D Secure and 3D SET against e-commerce end-user requirements
| url =https://repository.royalholloway.ac.uk/file/6d0714f7-289d-bb8a-c21c-5e83bfa382b6/9/m3sa3s.pdf
| accessdate = 2017-05-22 }}
Each card issuer is required to maintain an ACS used to support cardholder authentication. A customer authenticates to this ACS by providing their username and password, and the ACS signs the result (success or failure). The signed result is then passed through the customer's browser to the MPI. The plug-in verifies the ACS signature and decides whether to proceed with the transaction.{{cite journal
| author = Balfe, Shane
|author2=Paterson, Kenneth G.
| title = Augmenting Internet-based Card Not Present Transactions with Trusted Computing
| url =http://www.isg.rhul.ac.uk/~kp/CNP.pdf
| accessdate = 2008-09-25 }}
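The sign-then-verify exchange described above, sketched as an added example that is not taken from any MPI product or from the 3-D Secure specification. Assumptions: HMAC-SHA256 with a constructed demo key stands in for the ACS's public-key signature, and the message fields, transaction identifiers and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: HMAC-SHA256 stands in for the ACS's
# real public-key signature so the example needs only the standard library.
ACS_DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(result: dict) -> bytes:
    # Stable byte encoding so both sides sign and verify the same bytes.
    return json.dumps(result, sort_keys=True, separators=(",", ":")).encode()


def acs_sign_result(transaction_id: str, authenticated: bool) -> dict:
    """ACS side: sign the outcome (success or failure) of cardholder login."""
    result = {"transaction_id": transaction_id,
              "status": "success" if authenticated else "failure"}
    sig = hmac.new(ACS_DEMO_KEY, _canonical(result), hashlib.sha256).hexdigest()
    return {"result": result, "signature": sig}


def mpi_decide(message: dict, expected_transaction_id: str) -> str:
    """MPI side: verify the signature first, then decide whether to proceed."""
    result, sig = message.get("result"), message.get("signature")
    if not isinstance(result, dict) or not isinstance(sig, str):
        return "reject: malformed message"
    expected = hmac.new(ACS_DEMO_KEY, _canonical(result), hashlib.sha256).hexdigest()
    # Constant-time comparison; the message arrived via the customer's browser.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "reject: bad signature"
    # Added check (assumption): the signed result must belong to this purchase.
    if result.get("transaction_id") != expected_transaction_id:
        return "reject: wrong transaction"
    if result.get("status") != "success":
        return "decline: authentication failed"
    return "proceed"


def demo() -> dict:
    ok = acs_sign_result("txn-1001", True)
    failed = acs_sign_result("txn-1002", False)
    # A failure result whose status was edited in transit keeps the old signature.
    tampered = {"result": dict(failed["result"], status="success"),
                "signature": failed["signature"]}
    return {"ok": mpi_decide(ok, "txn-1001"),
            "failed": mpi_decide(failed, "txn-1002"),
            "tampered": mpi_decide(tampered, "txn-1002"),
            "other_txn": mpi_decide(ok, "txn-2000")}
```

Because the signed result travels through the customer's browser, the MPI treats every field as untrusted until the signature check passes, and only then reads the status.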
Commercial MPI software is available from a number of vendors.
See also
- 3D-Secure
- {{cite web|last1=Montague|first1=David|title=3DS-Implementation That Makes Sense|url=http://www.fraudpractice.com/PressRelease-3DS-ImplementationThatMakesSense.html|website=Fraud Practice|accessdate=March 18, 2013}}