Technical body EMVCo has publicly released EMV® 3-D Secure – Protocol and Core Functions Specification v2.1.0. The updated document follows the release of version 2.0.0 in October 2016, and includes additional functionality and enhancements to promote secure, consistent consumer e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience. This version of the specification will be supported by an EMVCo testing programme to approve compliant solutions, to launch in 2018.
EMV 3-D Secure (3DS) is a messaging protocol that promotes frictionless consumer authentication when making card-not-present (CNP) e-commerce purchases. It enables consumers to actively authenticate themselves with their card issuers if cardholder verification is required. Consumer authentication by the exchange of 3DS data between the merchant and a card issuer can increase authorisation approval rates, as well as potentially reduce the risk of fraud.
Significant updates within version 2.1.0 include the addition of new functionality to enable merchant-initiated account verification, further clarifications on submitting a recurring or instalment payment request to the issuer, and improvements to out-of-band authentication transaction flows for an enhanced customer experience.
“With e-commerce use-cases expanding worldwide and new technologies emerging, EMV 3DS provides a consistent, global solution to authenticate users and deliver industry leading security and performance, without compromising user experience,” comments Jack Pan, EMVCo Executive Committee Chair.
EMVCo is using this specification to develop functional testing for EMV 3DS solutions to evaluate their compliance to version 2.1.0. It has published an approval administrative process, which specifies how to submit a product for compliance testing and request for its approval. This is supported by an EMVCo bulletin, which outlines the fee structure for EMV 3DS approval requests. In addition to this, EMVCo is also engaged with Payment Card Industry Security Standards Council (PCI SSC) to align on its recently released PCI 3DS Security Standard and related assessment programme. The work of both EMVCo and PCI SSC ensures an agile and workable structure is established for both functional testing and security evaluation of EMV 3DS solutions.
Cheryl Mish, EMVCo Board of Managers Chair, adds: “To further enhance and refine EMV 3DS, EMVCo has actively encouraged industry participation and input from individuals, companies and industry bodies. We have leveraged this engagement to advance the specification and ongoing testing activity to best address the long-term requirements of consumers and the various stakeholders working in this space.”