Technical body EMVCo and PCI Security Standards Council have announced that they are collaborating to support the upcoming launch of 3-D Secure 2.0 (3DS 2.0).
The announcement was made at the PCI Security Standards Council Community Meeting of global cyber security experts in Las Vegas, U.S, last week (20-22 September).
3DS is a messaging protocol used by the payments industry to enable consumers to authenticate themselves with their card issuers when making online purchases through PC web browsers. Later this year, EMVCo will release EMV® 3-D Secure – Protocol and Core Functions Specification v2.0 (EMV 3DS 2.0 Specification). This specification will support the payments industry in delivering a globally interoperable and consistent consumer experience across major e-commerce channels and connected devices, including in-app purchases.
Based on this functional specification, the PCI Security Standards Council is working to provide security requirements, testing procedures, assessor training and reporting templates to address the environmental security associated with 3DS 2.0. The related documentation will be released in the first half of 2017.
“3DS 2.0 is critically important to introduce improved authentication and we are excited to be working hand-in-hand with EMVCo to secure all payment channels,” said PCI Security Standards Council Chief Technology Officer, Troy Leach. “The marketplace is changing every day, and with mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats.”
Jonathan Main, current Chair of the EMVCo Board of Managers, commented: “The EMV 3DS 2.0 Specification provides a functionality ‘tool box’ to parties who wish to develop and implement 3DS 2.0 compliant products and services. This enables all solutions to be globally interoperable and promotes a unified international payments framework. Following the release of the EMV 3DS 2.0 Specification later this year, solutions will be created and their introduction into the marketplace needs to be workable and defined. We recognise that this requires a number of industry stakeholders to work together to establish a secure framework and we are delighted to be collaborating with PCI Security Standards Council to facilitate this process.”