Friday, September 30, 2016
EMVCo, a global body owned by American Express Co., Discover Financial Services, Mastercard, China UnionPay and Visa Inc. that manages the EMV (Europay, Mastercard and Visa) technology protocol, disclosed in January 2015 that it would launch 3DS 2.0 in 2016. The EMV 3-D Secure – Protocol and Core Functions Specification v2.0 (EMV 3DS 2.0 Specification) will improve security and global interoperability while providing a consistent consumer experience across e-commerce channels, connected devices and in-app purchases, EMVCo stated.
The PCI SSC, a global payment data security forum that develops and manages the Payment Card Industry Data Security Standard (PCI DSS), will work closely with EMVCo to provide security requirements, testing procedures, assessor training and reporting templates, making reporting templates and related documentation available in 2017, council representatives stated.
3DS is a specification designed to authenticate payment card transactions that originate online. The messaging protocol creates an additional layer of security to protect the three different banks or "domains" of an ecommerce transaction: the issuing bank, acquiring bank and cardholder bank through multi-actor password or one-time password authentication. The technology was originally introduced as Verified by Visa in an effort to protect and enhance the online shopping experience.
The technology has subsequently been adapted by EMVCo and major payment card brands (in Mastercard's SecureCode, AmEx.'s SafeKey and JCB International Credit Co. Ltd's J/Secure) into a globally accepted security standard. EMVCo stated that Visa will own and manage its proprietary version of 3DS 1.0, while EMVCo continues to develop and enhance the EMV 3DS 2.0 standard.
An increasing focus on interoperability was a consideration in designing additional tools and application program interfaces to enable software developers to incorporate 3DS 2.0 into product and service offerings. Jonathan Main, EMVCo Board of Managers Chair, expects the "toolbox" to significantly enhance global interoperability across numerous ecommerce platforms while facilitating a unified international payments framework. "We recognize that this [effort] requires a number of industry stakeholders to work together to establish a secure framework and we are delighted to be collaborating with PCI Security Standards Council to facilitate this process," he said.
Additionally, the partners noted that EMV 3DS 2.0:
EMVCo and PCI SSC leaders expect 3DS 2.0 to continue its evolution in response to the ever-changing threat landscape, regulatory environments and payment data security initiatives. The partners additionally noted their commitment to creating a flexible, adaptable framework designed to support a range of online and mobile payment schemes and emerging payment technologies.
Making tool kits widely available will reinforce interoperability across multiple markets while supporting new application development and payments innovation, EMVCo stated. "Following the release of the EMV 3DS 2.0 Specification later this year, solutions will be created, and their introduction into the marketplace needs to be workable and defined," Main said.
Troy Leach, Chief Technology Officer at the PCI SSC added, "The marketplace is changing every day, and with mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
