New specification to authenticate cardholders duringcard-not-present transactions across all e-commerce channels and connecteddevices promotes consumer familiarity, convenience and security
25 October 2016 – EMVCo has published EMV® 3-D SecureProtocol and Core Functions Specification v2.0.0 (EMV 3DS 2.0 Specification). The new specificationprovides a globally interoperable framework that promotes a consistent consumerexperience across all e-commerce channels and connected devices whenauthenticating a cardholder. The specification is available, royalty free, fromthe EMVCo website.
3-D Secure (3DS) is amessaging protocol that enables consumers to authenticate themselves with theircard issuers when making card-not-present (CNP) purchases or verifying theiridentity for various non-payment activities, like adding a payment card to adigital wallet. The exchange of data between the merchant using 3DS and a cardissuer to authenticate a cardholder reduces the risk of fraud.
The EMV 3DS 2.0Specification:
- Supports specific app-based purchases on mobile and other consumer devices, and traditional browser-based e-commerce channels.
- Improves the consumer experience by enabling intelligent risk-based decisioning that encourages frictionless consumer authentication.
- Delivers industry leading security features.
- Specifies use of multiple options for step-up authentication, including one-time passcodes as well as biometrics via out-of-band authentication.
- Details functionality that enables merchants to integrate the authentication process seamlessly into their checkout experiences, for both app and browser-based implementations.
Offers performance advancements forend-to-end message processing.
Addsa non-payment message category to provide cardholder verification details tosupport various non-payment activities.
“Besides security, the consumer experience is central to EMVCo’s work,”said Jonathan Main, Chair of the EMVCo Board of Managers. “In addition toengaging with industry experts, we conducted user testing in multiple marketsto understand consumer preferences for verifying their identity online.Feedback has been incorporated into the new global specification to alsoaccommodate country-specific preferences and regulatory requirements.”
The EMV 3DS 2.0Specification received input from EMVCo Technical Associatesthroughout its creation. EMVCoencourages industry feedback from all parties active in this area via its Associates Programme, a participation framework that enables paymentstakeholders to contribute to the outputs of the technical body.
Main adds: “The new specification gives industry the flexibility toeffectively support new technology developments as consumer payments becomeincreasingly digitised. We would like those interested in the evolution of theEMV 3DS 2.0 Specification to get involved to ensure their long-termrequirements are considered for the future.”
The specification is available to download from the EMVCo website andwill be used by parties who wish to develop and implement EMV 3DS 2.0Specification compatible products. In future releases, the specification willbe enriched to support additional non-payment user identification andverification use cases.