GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

CFPB, prepaid companies both dealt blows

Patti Murphy


Industry Update

One year in, reviews mixed for EMV in U.S.

CFPB issues rules for reloadable prepaid debit cards

World Payments Report 2016 released

3DS 2.0 adds tools, expands framework


Update - Apple Pay in-browser launched on September 13th

Get ready for biometric payments

Wearables not yet must-have multipurpose tools


Myths in winemaking terroir, ACH payments

Brandes Elitch
CrossCheck Inc.

Reboot your payments outlook

Dale S. Laszig
DSL Direct LLC


Street SmartsSM:
Industry vets round table wrap-up

John Tucker
1st Capital Loans LLC

GDPR's right to be forgotten impacts all business

Lori Schrameck and Celine Rodriguez
CSR Professional Services Inc.

Happy first birthday EMV: the safe, the slow and the numbers

Evi Triantafyllides

Company Profile

BillPro Pty. Ltd.

New Products

50-state MSB status in 30 seconds
Adam Atlas Attorney at Law

Digital commerce suite for ISVs, developers

Fuzse ecommerce suite
Fuzse LLC


Take another look at direct mail


Letter from the editors

Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 24, 2016  •  Issue 16:10:02

previous next

3DS 2.0 adds tools, expands framework

An updated version of EMV 3-D Secure will be available in time for retail's peak season, EMVCo and the PCI Security Standards Council reported. The news was welcomed by global cybersecurity experts, many of whom are well aware of numerous details and compliance requirements related to the launch. 3-D Secure is shorthand for 3 Domain Security and is commonly abbreviated as 3DS.

EMVCo, a global body owned by American Express Co., Discover Financial Services, Mastercard, China UnionPay and Visa Inc. that manages the EMV (Europay, Mastercard and Visa) technology protocol, disclosed in January 2015 that it would launch 3DS 2.0 in 2016. The EMV 3-D Secure – Protocol and Core Functions Specification v2.0 (EMV 3DS 2.0 Specification) will improve security and global interoperability while providing a consistent consumer experience across e-commerce channels, connected devices and in-app purchases, EMVCo stated.

The PCI SSC, which manages the Payment Card Industry Data Security Standard, will work with EMVCo to provide security requirements, testing procedures, assessor training and reporting templates, making these resources available in 2017, council representatives stated.

Unified, international standard

3DS is designed to authenticate payment card transactions that originate online. The messaging protocol creates an additional layer of security to protect the three banks or "domains" of an ecommerce transaction, the issuing bank, acquiring bank and cardholder bank, through multifactor password or one-time password authentication. The technology was originally introduced as Verified by Visa to protect and enhance the online shopping experience.

The technology has subsequently been adapted by EMVCo and major payment card brands (in Mastercard's SecureCode, AmEx.'s SafeKey and JCB International Credit Co. Ltd's J/Secure) into a globally accepted security standard. EMVCo stated that Visa will own and manage its proprietary version of 3DS 1.0, while EMVCo will continue to develop the EMV 3DS 2.0 standard.

Expanded framework, toolkit

Interoperability was a consideration in designing additional tools and application programming interfaces to enable software developers to incorporate 3DS 2.0 into products and services. Jonathan Main, EMVCo Board of Managers Chair, who represents Mastercard, expects the "toolbox" to significantly enhance global interoperability across numerous ecommerce platforms while facilitating a unified international payments framework. "We recognize that this [effort] requires a number of industry stakeholders to work together to establish a secure framework, and we are delighted to be collaborating with PCI Security Standards Council to facilitate this process," he said.

Additionally, the partners noted that EMV 3DS 2.0:

Flexible, adaptable framework

EMVCo and PCI SSC leaders expect 3DS 2.0 to continue its evolution in response to the ever-changing threat landscape, regulatory environments and payment security initiatives. The partners affirmed their commitment to creating a flexible, adaptable framework designed to support a range of online and mobile payment schemes and emerging payment technologies.

Making tool kits widely available will reinforce interoperability across multiple markets while supporting new application development and payments innovation, EMVCo stated. Troy Leach, Chief Technology Officer at the PCI SSC added, "[W]ith mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios