EMVCo has issued a press release announcing 3D Secure 2.2, a new version that takes advantage of Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication while also enabling operation even when the cardholder is offline:
“EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
- Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
- Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline.
- Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.
“EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”
Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.”
It will be interesting to discover what additional device and user data will be collected to validate the user in this new spec, but with 286 pages of specifications misinterpretations can occur in numerous ways, so a test platform is clearly needed. Perhaps a simpler approach would be a reference implementation.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group