EMVCo updates 3-D Secure specification to combat card not present fraud

EMVCo has published the EMV 3-D Secure protocol and core functions specifications v2.2.0 to promote an improved consumer experience while supporting new authentication channels during e-commerce, mail order and telephone order transactions.

The EMV 3-D Secure (3DS) specification version 2.2.0 builds upon the current specification version 2.1.0, which became available Friday on the EMV 3DS test platform that is used by companies to confirm that their solutions will perform in accordance with the specification.

“EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” Stephanie Ericksen, who chairs the EMVCo executive committee, said in a press release. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”

When EMVCo launched 3DS 1.0 well over a decade ago it failed to gain traction among merchants and security providers, as it was largely password-based and had a rather obtrusive user experience. When the 2.0 specification was finalized in 2016, the intent was to reduce the friction felt by consumers and merchants and improve overall security for cards used in e-commerce shopping.

The main updates to the version 2.2.0 include improved communication between merchants and issuers that will enable Europe’s Second Payment Services Directive (PSDS2) exemptions for Strong Consumer Authentication (SCA) to be applied. The new version also contains two new features that support mail and telephone order transactions. The first new feature, 3DS Requestor Initiated (3RI) payments, enables a merchant to initiate a transaction even if the cardholder is offline. The second new feature is called Decoupled Authentication; it allows cardholder authentication to occur even if the cardholder is offline.

The banks and card networks have shown optimism this year with EMVCo’s phased rollout of 3DS 2.0 as it has gained momentum in signing up new banks and fintechs to its associates program.

This summer, EMVCo launched its3DS test platform for security providers to help them development solutions and allow them to receive approval from EMVCo confirming that their software operates within the protocol and core-functions specifications.