EMVCo today announces the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0.
The updated specification includes enhancements to promote an optimised consumer experience while supporting new authentication channels when making e-commerce transactions.
EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.
EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
• Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
• Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments - enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication - allowing cardholder authentication to occur even if the cardholder is offline.
• Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.
“EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”
Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.