EMVCo LLC revealed plans on Jan. 8, 2015, to leverage 3D Secure (3DS) to help stem a rising tide of e-commerce fraud while enhancing global interoperability and security. 3DS, a technology developed by Visa Inc. and subsequently licensed by MasterCard Worldwide, is designed to protect card-not-present (CNP) transactions by incorporating an additional layer of security into the online checkout process.
Six major card brand members comprise EMVCo: American Express Co., Discover Financial Services, JCB International Credit Card Co. Ltd., MasterCard, China UnionPay and Visa. The global technical body has broad support from banks, merchants, payment processors, vendors and other stakeholders who participate as EMVCo Associates.
An effort to evolve and streamline
The rapid growth of mobile payment technologies has made it necessary to create a simplified version of the EMV (Europay, MasterCard and Visa) standard that will make it easier for consumers to safely transact in e-commerce and m-commerce environments.
Payments industry analysts are hopeful the new 3DS standard will address inherent flaws in previous versions, which some consider to be cumbersome due to the requirement that consumers enter multiple, distinct passwords within a single transaction.
EMVCo Executive Committee Chair Tac Watanabe noted the need to secure CNP transactions while global e-commerce and m-commerce continue to expand. The committee plans to further strengthen the technology platform with 3DS 2.0, a user-friendly version with enhanced interoperability.
“Increased security [should not] cause product abandonment or make online shopping inconvenient,” Watanabe said. “It also needs to align with the needs of today’s market stakeholders. The EMV 3DS 2.0 Specification will address this by enabling the merchant to offer a better, more streamlined authentication experience across different devices and channels.”
Protecting three ‘domains’ with 3DS
3D Secure stands for Three Domain Secure, a specification that supports authentication for payment card transactions that originate on the Internet. The technology is designed to protect the three different banks or “domains” of an e-commerce transaction: the issuing bank, acquiring bank, and cardholder bank.
3D Secure is the underlying technology platform for Verified by Visa, a process that validates a cardholder’s identity during the online checkout process by requiring an additional password or other form of data to ensure that only the cardholder can use a particular Visa-branded card online.
Participating merchants displaying a Verified by Visa logo on their websites prompt participating cardholders to enter the additional data, ostensibly helping customers feel more secure when shopping online. This additional check can potentially improve transaction security, reduce operational expenses and streamline the dispute resolution process.
3D Secure works across multiple device platforms in e-commerce and m-commerce environments. It can be used with multiple authentication technologies including passwords, digital certificates and chip cards.
Reliable, secure, international framework
Sean Conroy, EMVCo Board of Managers Chair, said the goal of the technical body is to define the specifications in conjunction with the payments community and establish a reliable, international framework that facilitates digital commerce without compromising security.
“We recognize that advancing the enhanced 3DS specification to meet the needs of consumers and merchants today will greatly enhance the usability of the specification and its appeal to suitably authenticate e-commerce cardholders,” Conroy said.
He added that EMVCo provides the “technical depth and strategic knowledge to bring the relevant parties together to establish an industry-available specification that will be scalable to support future market needs across a number of different stakeholders.”
Kamran Chaudhary, Director of Compliance Technology at ANXeBusiness Corp., believes EMVCo’s decision to leverage 3DS is in sync with other efforts within the industry to secure payments in CNP and mobile environments.
“Bluefin’s recent certification of mobile P2P, using an encrypted USB device that can be used in card-not-present environments is just one example of the innovation that is going on in the e-commerce and m-commerce environments and the payments industry’s investment in security,” Chaudhary said.
He added that the “coming liability shift in October has raised awareness of the importance of EMV. While we anticipate some challenges in implementation, we expect EMV adoption to significantly decrease fraud while delivering significant benefits to payments industry stakeholders.”
Randy Vanderhoof, Executive Director of the Smart Card Alliance, feels EMVCo’s announcement shows awareness of the expanding payment landscape and the need for industry-wide, interoperable standards to help secure all retail commerce channels, including the CNP channel. “The timing of this announcement is especially good in the U.S., where the migration to EMV chip technology is helping to secure the card-present channel and retailers are actively exploring ways to secure the card-not-present channel at the same time,” he said.
EMVCo expects to deploy the new specification in 2016. Industry stakeholders interested in collaborating on the 3DS 2.0 initiative can visit EMVCo’s Associates Program page at www.emvco.com/faq.aspx?id=188.