Blog article
See all stories »

Object reference not set to an instance of an object.

Comments: (8)

Paul Love
Paul Love - Konsentus - Nottingham 25 July, 2017, 11:381 like 1 like

Great article - it does look like there is a compelling case for harmonisation between W3C, EMVCo 3DS, and the upcoming Payment authentication processes being defined as part of the Open Banking APIs.

Milos Dunjic
Milos Dunjic - TD Bank Group - Toronto 25 July, 2017, 12:22Be the first to give this comment the thumbs up 0 likes

Agreed ... thanks for taking time to read and discuss Paul

Nick Collin
Nick Collin - Collin Consulting Ltd - London 26 July, 2017, 12:12Be the first to give this comment the thumbs up 0 likes

Yes, great article and yes, there is clearly a need for harmonization.  I was not aware of the W3C payments activity until I googled it but now I'm somewhat concerned about industry participation on the working groups.  Although Amex is widely represented, MasterCard is less so, and Visa appears to be completely absent!  Is this an issue?  As someone wedded to the EMV infrastructure and deeply involved over the years in EMV 3DS, I believe, rightly or wrongly, that it should be "embedded" or at least "seriously taken account of" rather than "killed"!

Milos Dunjic
Milos Dunjic - TD Bank Group - Toronto 26 July, 2017, 12:38Be the first to give this comment the thumbs up 0 likes

Thanks Nick. Yes it is concerning that traditional payment networks are not the main force behind this standardization initiative. PayPal is also somewhat quiet about it. IMO, main winners, if this becomes ubiquitous in future browsers will be merchants and FIs like banks and credit unions.

Sadra Boutorabi
Sadra Boutorabi - GPayments - Sydney 08 August, 2017, 10:201 like 1 like

Thanks for sharing Milos.

Just posted a blog on why I think this won't be the 3DS killer!

I would love to hear your thoughts on this.

Nick Collin
Nick Collin - Collin Consulting Ltd - London 08 August, 2017, 12:14Be the first to give this comment the thumbs up 0 likes

I think you're probably right Sadra.  It always takes much longer for the payments industry to change than anyone ever expects.  The EMV chip standard was introduced in the early 1990's and is only now starting to be adopted in the US!  Hopefully 3DS will evolve gradually in the direction of whatever is good about the W3C initiative.

Incidentally, I've noticed that I'm now rarely asked to complete 3DS authentication even on sites which support it.  Presumably my bank has implemented some kind of adaptive neural network fraud detection software and decided I'm relatively low risk!

Milos Dunjic
Milos Dunjic - TD Bank Group - Toronto 26 August, 2017, 13:06Be the first to give this comment the thumbs up 0 likes

Hi Sadra thanks for your response and your own article as a direct response to this one. I have read your arguments and understand your reasoning. I may need to clarify the basic premise of my theory ... I agree that W3C Web Payment Standardization won't kill 3DS immediatelly and I generally agree with most of observations in your counter-article (not all though).

However IMO, over time, as every single 'obstacle to wide adoption of W3C Web Payment Standardization' that you listed is eliminated, 3DS will most likely become obsolete ... simply because there would be no '3 domains' anymore ... we will simply have Merchant Domain and Issuer Domain only, mediated directly by the compliant browser. There will be no need for Merchant Plug-Ins, 3DS Directories, etc, etc.

Once the Issuer W3C compliant Payment App is triggered (I see FIs becoming main providers of these), the Issuer's W3C compliant Payment App can use any authentication method to securely and reliably authenticate the customer and guarantee payment.

How long will it take for W3C Web Payment Standard to become widespread? I beilieve 5 years from now, the funny "Nascar of pay-with buttons" on online merchant sites shall be replaced with only 1 PAY button. But fully agree with you - FIs may be slow (we are catching up quickly though), politics of current players play a big role, etc. 

Hope this clarifies my thinking.

A Finextra member
A Finextra member 18 October, 2017, 08:08Be the first to give this comment the thumbs up 0 likes

Nick - it will probably be the CA RIsk analytics product implemented by HSBC/First Direct and RBS - i commented over on the other Finextra post on this subject... Its an intelligent adaptation of the 3DS protocol - pushing it back to a backstop role. 

Milos Dunjic

Milos Dunjic

AVP, Payments Innovation Technology Solutions

TD Bank Group

Member since

17 Jan 2016



Blog posts




This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

See all