Over recent years, the EMV® 3-D Secure (EMV 3DS) Specifications have evolved to include various new technical features to address payments innovations, emerging regulatory requirements and shifting consumer behaviours.
As the specifications have expanded, EMVCo has received feedback from its Associates, Subscribers and other industry participants requesting guidance on how the features can support key business cases.
These include how better to achieve a frictionless experience, provide different challenge methods to authenticate cardholders, or support the growing popularity of recurring and instalment transactions.
While EMVCo itself is not involved in the implementation of EMV Specifications, the industry feedback signalled a clear opportunity to help banks, solution providers and merchants optimise the development and deployment of EMV 3DS solutions.
In this post, Tabitha Odom, Chair of the EMVCo 3DS Working Group, explains how the launch of a new, interactive online resource addresses this opportunity and will help promote more secure and seamless online payments.
Q: What is the new EMV 3DS resource published by EMVCo?
EMVCo has released its EMV 3DS White Paper (first published as a PDF file in April 2024) in an interactive online format. This provides industry participants with an accessible, easy-to-use resource that promotes a comprehensive understanding of the EMV 3DS Specifications.
By summarising the business value, technical features and user experience considerations associated with key use cases, the interactive white paper offers guidance on how EMV 3DS technology can be used to help streamline consumer authentication and enhance fraud prevention.
Q: Who can access the new resource?
The interactive white paper is publicly available for anyone to access free of charge. It is aimed at diverse groups with varying perspectives, whether you require a high-level overview of the capabilities of EMV 3DS, specific technical detail to support the development or implementation of EMV 3DS solutions, or a demonstration of the user experience.
Q: What use cases does the white paper address?
The white paper currently explores three key EMV 3DS use cases: Frictionless authentication, out-of-band authentication, and recurring and instalment transactions:
- Frictionless authentication
The EMV 3DS ‘frictionless flow’ enables issuers to accept transactions without challenging cardholders, resulting in a seamless shopping experience for both cardholders and merchants. This can help to reduce cart abandonment and the risk of fraud.
The frictionless experience is achieved through a real-time risk assessment that considers various data elements, including the details of the transaction, the cardholder’s transaction history and relationship with the merchant, the device used to perform the transaction, and other technical details such as the device location or IP address.
The white paper explores how the risk assessment is enhanced by two key EMV 3DS features – Trust Lists and Device Binding. Trust Lists enable the cardholder to create a list of preferred merchants, while Device Binding allows cardholders to link the device used for e-commerce transactions to their payment card. These features result in faster transactions and fewer challenges.
- Out-of-band authentication
Out-of-band (OOB) authentication challenges the cardholder to authenticate with their issuer through a separate channel, helping to improve security and reduce fraud. For example, the issuer may request the cardholder to use their mobile banking application to authenticate and validate the transaction performed on a laptop browser.
The white paper demonstrates how the specifications support various options for OOB authentication. This includes automated OOB transitions, which help the consumer to switch seamlessly between a merchant application and an authentication application.
- Recurring and instalment transactions
Recurring payments involve cardholders granting permission for merchants to automatically charge their payment cards for an ongoing service (such as a monthly subscription to a streaming platform). Instalment payments are payments made to a pre-agreed schedule for goods and services that have already been fully delivered (such as paying for a sofa in six instalments).
Recurring and instalment payments are increasingly popular as they offer cardholders and merchants significant flexibility and convenience. However, detailed information must be communicated between the issuer, merchant and cardholder during set-up to help prevent disputes or declines for future payments.
The white paper identifies how EMV 3DS data elements address the potential for significant variability across recurring and instalment payments use cases. Payment arrangements may include a free trial period or an initial one-time purchase, followed by fixed amount subscription fees for the rest of the recurring payments. Payments may also have a variable amount and fixed frequency, a variable amount and variable frequency, or a fixed amount and variable frequency.
Q: Which versions of the EMV 3DS Specifications does the white paper reference?
The white paper demonstrates how key features can be leveraged depending on whether v2.2, v2.2 in combination with the Bridging Message Extension, or v2.3.1 is supported. For certain features, differences that may exist between the different specification versions active at the time of release are highlighted.
Q: Will EMVCo update the white paper to include more use cases in the future?
EMVCo is planning to update the white paper to add new use cases to support the deployment of Message Extensions and the Split-SDK. Other technical features will also be included, such as Secure Payment Confirmation (SPC) and WebAuthn.
Q: How else is EMVCo working to support payment industry stakeholders?
EMVCo is working closely with Associates to explore opportunities to simplify the EMV 3DS Specification structure to increase agility and better support emerging use cases such as IoT payments. Simplifying the document structure will also help enable a more streamlined testing infrastructure in the future.
Q: How can I get involved to help shape the evolution of the EMV 3DS Specifications?
EMVCo is committed to extensive, ongoing engagement with Associates, Subscribers, industry partners and the wider payments ecosystem to evolve the EMV 3DS Specifications and supporting testing infrastructure. All interested parties are strongly encouraged to get involved.