Tuesday, November 7, 2017
Global technical body EMVCo released EMV® Secure Remote Commerce (SRC) – Technical Framework version 1.0 Nov. 2, 2017, a set of guidelines designed to protect in-app, mobile and ecommerce transactions. In addition to reducing exposure to data compromise, SRC will simplify merchant support by creating a new framework for the remote commerce environment, with consistent roles and methodologies for participating parties that manage payment card data, according to EMVCo representatives.
Jack Pan, EMVCo Executive Committee Chair, said growing consumer adoption of mobile and virtual payments and the ever-present danger of cybersecurity threats have made a broader SRC both necessary and inevitable. “As payments technologies advance, the EMV Specifications evolve to address emerging challenges and meet new requirements," he said. "EMVCo has the strategic breadth, industry knowledge and technical ability, coupled with a proven record of specification delivery, to facilitate the development of secure and interoperable remote payment solutions.”
A new report published Nov. 7, 2017 by Aite Group LLC found online payment fraud is surging due to criminals' shift from physical to online commerce following global EMV (Europay, Mastercard and Visa) implementation. Report author and Senior Analyst Ron van Wesel said increasing fraud makes strong (multifactor) customer authentication methods imperative for remote payments.
The new SRC framework attempts to protect payment card data wherever consumers choose to shop, while also maintaining a consistent customer experience. EMVCo summarized the key objectives as simplicity, security and interoperability. “While data storage solutions to protect card and account data are widely implemented, the actual method of delivering the payment card data to the merchant has vulnerabilities that can potentially be exploited,” said Cheryl Mish, EMVCo Board of Managers Chair. “As a result, multiple industry participants have worked to address these vulnerabilities by providing application-based solutions that deliver, among other things, a simplified consumer payment experience.”
As the EMV SRC Technical Framework continues to evolve, Mish invites payments industry stakeholders to share insights and commentary on “define security improvements, simplify merchant integration and enable a consistent consumer experience for remote payments.” Interested parties can become EMVCo subscribers to be notified of future developments and stay informed on the SRC initiative, she noted.
EMVCo defines remote commerce as “the purchase of goods and services by consumers via applications and browsers on mobile phones, tablets, desktop computers and Internet-connected devices." The organization stated the EMV SRC initiative will address complexities and potential vulnerabilities within the remote payments ecosystem in several ways. It will:
Additional information and specifications are available at www.emvco.com/terms-of-use/?u=/wp-content/uploads/documents/Secure-Remote-Commerce-Framework-FINAL-v1.0.pdf .
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.