For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
Great article - it does look like there is a compelling case for harmonisation between W3C, EMVCo 3DS, and the upcoming Payment authentication processes being defined as part of the Open Banking APIs.
Agreed ... thanks for taking time to read and discuss Paul
Yes, great article and yes, there is clearly a need for harmonization. I was not aware of the W3C payments activity until I googled it but now I'm somewhat concerned about industry participation on the working groups. Although Amex is widely represented,
MasterCard is less so, and Visa appears to be completely absent! Is this an issue? As someone wedded to the EMV infrastructure and deeply involved over the years in EMV 3DS, I believe, rightly or wrongly, that it should be "embedded" or at least "seriously
taken account of" rather than "killed"!
Thanks Nick. Yes it is concerning that traditional payment networks are not the main force behind this standardization initiative. PayPal is also somewhat quiet about it. IMO, main winners, if this becomes ubiquitous in future browsers will be merchants
and FIs like banks and credit unions.
Thanks for sharing Milos.
Just posted a blog on why I think this won't be the 3DS killer!
I would love to hear your thoughts on this. https://www.finextra.com/blogposting/14384/why-w3c-web-payment-standardisation-wont-be-the-3d-secure-killer
I think you're probably right Sadra. It always takes much longer for the payments industry to change than anyone ever expects. The EMV chip standard was introduced in the early 1990's and is only now starting to be adopted in the US! Hopefully 3DS will
evolve gradually in the direction of whatever is good about the W3C initiative.
Incidentally, I've noticed that I'm now rarely asked to complete 3DS authentication even on sites which support it. Presumably my bank has implemented some kind of adaptive neural network fraud detection software and decided I'm relatively low risk!
Hi Sadra thanks for your response and your own article as a direct response to this one. I have read your arguments and understand your reasoning. I may need to clarify the basic premise of my theory ... I agree that W3C Web Payment Standardization won't
kill 3DS immediatelly and I generally agree with most of observations in your counter-article (not all though).
However IMO, over time, as every single 'obstacle to wide adoption of W3C Web Payment Standardization' that you listed is eliminated, 3DS will most likely become obsolete ... simply because there would be no '3 domains' anymore ... we will simply have Merchant
Domain and Issuer Domain only, mediated directly by the compliant browser. There will be no need for Merchant Plug-Ins, 3DS Directories, etc, etc.
Once the Issuer W3C compliant Payment App is triggered (I see FIs becoming main providers of these), the Issuer's W3C compliant Payment App can use any authentication method to securely and reliably authenticate the customer and guarantee payment.
How long will it take for W3C Web Payment Standard to become widespread? I beilieve 5 years from now, the funny "Nascar of pay-with buttons" on online merchant sites shall be replaced with only 1 PAY button. But fully agree with you - FIs may be slow (we
are catching up quickly though), politics of current players play a big role, etc.
Hope this clarifies my thinking.
Nick - it will probably be the CA RIsk analytics product implemented by HSBC/First Direct and RBS - i commented over on the other Finextra post on this subject... Its an intelligent adaptation of the 3DS protocol - pushing it back to a backstop role.
AVP, Payments Innovation Technology Solutions
TD Bank Group
17 Jan 2016
07 Jan 2019
24 Nov 2018
11 Aug 2018
03 Jun 2018
This post is from a series of posts in the group:
A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.