EMV 3-D Secure - Enhancing Security and User Experience in e-commerce
Written by: Vinicious Mesquita
EMV® 3-D Secure is the next generation of the industry standard 3-D Secure (3DS) online authentication for use with electronic commerce payment. Owned and managed by EMVCo, the final version of 3DS Specifications was released on October 2017 and is licensed for use to 3rd parties to develop products based on these specifications.
Introduction of EMV 3-D Secure
To deal with the challenges of the current and future market requirements, the 3DS specifications have been updated. The purpose of this update has been to enhance security, support app-based authentication and improve the cardholder experience during the checkout process. Liability shift will happen between April 19 and September 19.
The main enhancements of EMV 3-D Secure compared to 3DS 1.0 are:
- Support of in-app purchases on mobile phone and other customer devices.
- Enable merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
- Enable the issuing banks to perform risk-based decisions on the transaction authorization that enables frictionless consumer authentication when the customer is not required to perform an additional authentication to the bank.
- Enables non-payment customer authentication that allows services like Identification & Verification (ID&V) for mobile wallets and secure request of tokens for card on file.
- New components, new flows, new messaging (you can check with more details in this blogpost)
A typical transaction: 3DS 1.0 vs EMV 3-D Secure
There are a number of differences between the transaction flow between 3DS 1.0 and EMV 3-D Secure. The typical transaction flow for each version is shown in the figure below followed by a high-level overview of the differences between the versions in terms of system components, flow and messaging.
Also EMV 3-D Secure improvements in the areas of user experience, authentication and in flexible devices.
In conclusion, it is crystal clear that EMVCo took into consideration the needs of the fast-moving market of e-commerce. The result of this review and consequently the improvement of the specifications show that EMVCo has taken 3-D Secure seriously and works methodically towards changing the status quo of the online payment market. Furthermore, in contrast to 3DS 1.0, the second version of the 3D-Secure is developed with a collective effort of a large group of people and international organizations. That indicates to us that 3-D Secure will be more technically consistent and will eliminate the interoperability issues that might have existed in the past. EMVCo seems to have put its expectations high regarding 3-D Secure, but what is left to be seen now, is the market’s reaction. With the updated specifications EMVCo has expressed its intention to introduce a product that will constantly evolve, taking into consideration the e-commerce market needs.