The Mir Payment system is a young Russian national payment card system that is making waves. Mir began issuing cards in 2015, and has continued expanding their services since. The payment system makes use of several security protocols, which we will introduce in this blog.
The History of Mir
The Mir Russian National Payment Card System was brainstormed in 2014 as a means to offer reliable electronic money transfers both in Russia and abroad. The system was launched in 2015. It was adopted by the Central Bank Of Russia in 2017. It has since become accepted by Russia’s most important companies, such as Aeroflot and Russian Railways. Their cards are now issued by Russia’s largest banks, including Sberbank. By the End of 2016, more than 1.75 million cards had been issued. By the end of 2017, this figure had risen to over 19 million.
The payment system’s main objectives revolve around security and reliability. Mir seeks to be a leading provider of reliable money transfers in Russia. They focus on security to facilitate trust and security in cashless payments. As a service dedicated to the Russian financial sector, Mir seeks to create a Russian sovereign payments area. This would allow individuals and institutions to conduct payments independently from foreign companies.
The broader goal of Mir is to offer reliable Mir payment cards as national payment cards. After this, the young company plans to promote their card in the international market.
Mir offers several products, with their own benefits and different security protocols. Among their primary products, they offer several cards:
World Debit Card
This card is great for online transactions. This card is offered as either a pre-paid or debit card.
World Classic Card
This card is suited for everyday payments. It offers online or offline payments. It also offers all the traditional services expected of a debit card.
World Premium Card
The World Premium Card is the most advanced of Mir’s card products. It offers all the normal debit card features, and much more. With the world premium card, you get cash back on every purchase. You also get the entire spectrum of benefits and bonuses. These benefits include SMS alerts and personal support from your bank.
Mir offers extra cards for those with specific financial needs:
Employee cards come with many features that are useful to employees and employers. Employers can establish a system of specialized benefits provided to each employee. They can also maintain detailed records through Mir’s payment system. These cards also offer plenty of other perks, such as digital signatures.
Mir student cards can be offered to educational institutions. They are tailored completely to the needs of students. They offer features for managing scholarships and subsidies, differentiated benefits and authorization features. They also offer a parental control option that makes responsible budgeting easier.
There are other cards offered for pensioners, among others.
Aside from cards, Mir’s other products consist primarily of payment systems. Their MirAccept payment systems are what make their offer of security and reliability possible. The MirAccept payment systems are built on the 3D secure standard. The 3D secure standard is a common payment authentication system that aims to prevent fraudulent transactions. There are actually several versions of 3D secure, and Mir has different versions of it.
Payment Security Platform MirAccept 1.0
MirAccept 1.0 uses the 3D Secure 1 Protocol. The 3DS1 protocol was made to increase confidence in online payment systems. It is an XML protocol originally designed by Visa. This was an important step towards the evolution of e-commerce. The more common examples of 3DS1 have been marketed under different names, for example, Mastercard SecureCode and Verified By Visa are both examples of 3DS1 protocols.
The 3 Domains protocol essentially checks with three domains to ensure the transaction is legitimate. First, there is the issuer domain. This is generally the bank issuing the card. The issuer bank implements the protocol through a merchant plug-in (MPI). The second is the acquirer domain. This is the bank that the merchant receiving the payment uses. The acquirer implements 3D Secure using an Access Control Server (ACS). The last is the interoperability domain. This is the domain provided by the payment system operating the cards and 3D system. Each card scheme operates a Directory Server (DS), which is responsible for connecting the acquiring and issuing banks.
MirAccept 1.0 adopts same principles of this security protocol. This increased the security of Mir payments, but has often been criticized for not going far enough. It is still not difficult for an intelligent attacker to steal cardholder information, which is one of the shortcomings of 3DS1.
MirAccept 2.0 & 3D Secure 2 Protocol
MirAccept 2.0 uses the more up-to-date 3DS2 protocol. 3DS1 uses static passwords. However, static passwords can be easily compromised by hackers, and are much less secure than other methods such as one-time-passwords (OTP). 3DS2 offers OTP verification, as well as token-based and biometric authentication. 3DS2 also provides risk-based authentication, which decides whether or not to process a transaction based on a calculated amount of fraud risk.
3DS2 reduces transaction abandonments through the introduction of the new “frictionless flow”. 3DS2 also adds many features and improvements, including:
- Non-standard extensions meeting specific regulations and requirements
- Improved messaging between domains
- Non-payment user authentication
- Better datasets in a risk-based authentication
- Greater decision-making and authentication capabilities
- Better prevention from unauthenticated payments. This includes cases where a card is stolen.
MirAccept 2.0 offers a mobile SDK (Software Development Kit) application suite. This allows you to have a much greater resource pool for a mobile app you are developing. This effectively translates into an improved process with lower overhead.
Between the two versions of the 3D secure protocol, we’d highly recommend the second. The effect it will have on your security will give you peace of mind. You can look further into SDK for your business’ specific needs.
GPayments Support for Mir Accept 2.0
To provide greater coverage and support for all partners processing online payments in Russia, GPayments Mobile SDK offering is compatible with Mir Accept 2.0. For more information, please visit: https://www.gpayments.com/solutions/mpi-activemerchant/3d-secure-2.0-mobile-sdk/
Further Adoption in Russia & Abroad
Mir is continuing to spread its influence both in Russia and abroad. They are under Russia’s NSPK, the National Payment Card System. In the years following 2016, Mir has been working hard to gain acceptance internationally. Their efforts are paying off.
Mir has secured agreements with Mastercard, JCB and Union Pay, among others. They have a presence in France and Germany as well.
In Russia, the system’s maturity has been demonstrated. In 2017, Russia created a law mandating that all banks use Mir for welfare and pension payments. The security offered makes Mir ripe for greater expansion in Russia and abroad.