EMV® 3-D Secure - Enhancing Security and User Experience in e-commerce
Written by: Vinicious Mesquita
EMV® 3-D Secure is the next generation of the industry standard 3-D Secure (3DS) online authentication for use with electronic commerce payment. Developed by EMVCo, the latest version of 3DS Specifications was released on October 2017 and is licensed for use to 3rd parties, royalty free, to develop products based on this specifications.
Introduction of EMV 3-DS
To deal with the challenges of the current and future market requirements, the EMV 3DS Specification has been updated. The purpose of this update has been to enhance security, support app-based authentication and improve the cardholder experience during the checkout process.
The main enhancements of EMV 3DS compared to 3DS 1.0 are:
- Support of in-app purchases on mobile phone and other customer devices.
- Enable merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
- Enable the issuing banks to perform risk-based decisions on the transaction authorization that enables frictionless consumer authentication when the customer is not required to perform an additional authentication to the bank.
- Enables non-payment customer authentication that allows services like Identification & Verification (ID&V) for mobile wallets and secure request of tokens for card on file.
- New components, new flows, new messaging (you can check with more details in this blogpost)
A typical transaction: 3DS 1.0 vs EMV 3DS
There are a number of differences between the transaction flow between 3DS 1.0 and EMV 3DSThe typical transaction flow for each version is shown in the figure below followed by a high-level overview of the differences between the versions in terms of system components, flow and messaging.
Also EMV 3-D Secure improvements in the areas of user experience, authentication and in flexible devices.
In conclusion, it is crystal clear that EMVCo took into consideration the needs of the fast-moving market of e-commerce. The result of this review and consequently the improvement of the specifications show that EMVCo has taken EMV 3DS seriously and works methodically towards changing the status quo of the online payment market. Furthermore, in contrast to 3DS 1.0, the EMV 3DS is developed with a collective effort of a large group of people and international organizations. That indicates to us that 3-D Secure will be more technically consistent and will eliminate the interoperability issues that might have existed in the past. EMVCo seems to have put its expectations high regarding 3-D Secure, but what is left to be seen now, is the market’s reaction. With the updated specification EMVCo has expressed its intention to enhance a protocol that will constantly evolve, taking into consideration the e-commerce market needs.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.