As EMVCo prepares to unveil a major update to the 3-D Secure specification for authenticating online transactions, Visa says that it expects to set a migration deadline for European merchants of April 2018.
3-D Secure is a messaging protocol used by the payments industry, under the Verified by Visa and MasterCard SecureCode banners, to enable consumers to authenticate themselves with their card issuers when making online purchases through PC web browsers.
With the ecommerce landscape changing massively in the years since its release, EMVco is preparing a 3-D Secure 2.0 in a bid to help the industry deliver a globally interoperable and better user experience that also accommodates new devices, such as mobiles, and ways to pay, such as in-app purchases.
Documentation is slated for release in the first half of 2017 and Visa says that it is already doing internal development to make Verified by Visa and its consumer authentication service ready ahead of early industry adoption by the middle of next year.
However, the card giant says that to make sure stakeholders have time to implement new products and services, it will hold off on certain rules - such as fraud chargeback protection on merchant-attempted 3-D Secure 2.0 transactions - until the programme activation date.
Activation dates will vary between regions. In Europe, where risk-based authentication is already heavily in play, activation is likely to be April 2018, but the plan for other markets has not yet been decided.
Mark Nelsen, SVP, risk and authentication products, Visa, says: "As the industry moves collectively to adopt and implement the 3-D Secure 2.0 protocol, Visa will partner with stakeholders around the globe to deploy pilots in advance of the program activation date."