New specification to authenticate cardholders during card-not-present transactions across all e-commerce channels and connected devices promotes consumer familiarity, convenience and security
EMVCo has published EMV® 3-D Secure Protocol and Core Functions Specification v2.0.0 (EMV 3DS 2.0 Specification). The new specification provides a globally interoperable framework that promotes a consistent consumer experience across all e-commerce channels and connected devices when authenticating a cardholder. The specification is available, royalty free, from the EMVCo website.
3-D Secure (3DS) is a messaging protocol that enables consumers to authenticate themselves with their card issuers when making card-not-present (CNP) purchases or verifying their identity for various non-payment activities, like adding a payment card to a digital wallet. The exchange of data between the merchant using 3DS and a card issuer to authenticate a cardholder reduces the risk of fraud.
The EMV 3DS 2.0 Specification:
- Supports specific app-based purchases on mobile and other consumer devices, and traditional browser-based e-commerce channels.
- Improves the consumer experience by enabling intelligent risk-based decisioning that encourages frictionless consumer authentication.
- Delivers industry leading security features.
- Specifies use of multiple options for step-up authentication, including one-time passcodes as well as biometrics via out-of-band authentication.
- Details functionality that enables merchants to integrate the authentication process seamlessly into their checkout experiences, for both app and browser-based implementations.
- Offers performance advancements for end-to-end message processing.
- Adds a non-payment message category to provide cardholder verification details to support various non-payment activities.
“Besides security, the consumer experience is central to EMVCo’s work,” said Jonathan Main, Chair of the EMVCo Board of Managers. “In addition to engaging with industry experts, we conducted user testing in multiple markets to understand consumer preferences for verifying their identity online. Feedback has been incorporated into the new global specification to also accommodate country-specific preferences and regulatory requirements.”
The EMV 3DS 2.0 Specification received input from EMVCo Technical Associates throughout its creation. EMVCo encourages industry feedback from all parties active in this area via its Associates Programme, a participation framework that enables payment stakeholders to contribute to the outputs of the technical body.
Main adds: “The new specification gives industry the flexibility to effectively support new technology developments as consumer payments become increasingly digitised. We would like those interested in the evolution of the EMV 3DS 2.0 Specification to get involved to ensure their long-term requirements are considered for the future.”
The specification is available to download from the EMVCo website and will be used by parties who wish to develop and implement EMV 3DS 2.0 Specification compatible products. In future releases, the specification will be enriched to support additional non-payment user identification and verification use cases.