Consumers are managing their financial services in more digital and diverse ways than ever before. But as card-not-present (CNP) transactions across e-commerce, m-commerce and remote commerce rise across the globe, so does fraud. Adding security without simply creating more points of friction is a real challenge, but one that the EMV 3-D Secure protocol – EMV 3DS for short – is trying to combat.

The protocols are generating real interest across the industry, but what exactly is EMV 3DS? And what are the key considerations stakeholders in the online payments and financial services world should be making?

Verifying CNP Transactions

Three-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactionsThree-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactions. It creates a standardised, harmonised and secure authentication solution for all stakeholders: merchants, issuers, acquirers and schemes. Initiated by Visa and followed by other payment schemes such as Mastercard, a new version of EMV 3DS has now been developed and is being maintained by the industry body, EMVCo.

Goals of EMV 3DS specifications

The main goals of the latest EMV 3DS specifications can be broken down into three:

  • Increase approval rates

Fundamentally, achieving this boost the total volume of transactions and increases revenues for retailers, banks and schemes alike.

  • Reduce fraud

Merchants or issuing banks have historically been liable for fraudulent chargebacks, but now the responsibility is shifting depending on which version of EMV 3DS is supported during the authentication. EMV 3DS risk-based-authentication helps reduce fraud and brings huge savings, as well as more confident consumers.

  • Enhance the user-experience

Improved online authentication solutions – remembering the 3rd, 4th and 7th digit of a password set five years ago, for example – are far from user-friendly. And the stats speak for themselves: eCommerce cart abandonment rate is at nearly 70%, and around 28% of US online shoppers admit to quitting orders due to checkout processes being too long or complicated.

Cutting out complex additional steps for consumers will reduce cart abandonment and result in better sales for retailers (as well as customers happier to return!).

Intelligent risk-based decision-making

EMVCo’s latest specification features even more intelligent risk-based decision-making with advanced algorithms

By improving communication ‘in the background’ between the issuing bank, the acquirer and the merchant, EMV 3DS streamlines the user experience. At a high level, basic account holder information can now be automatically retrieved and verified without additional consumer input.

EMVCo’s latest specification features even more intelligent risk-based decision-making with advanced algorithms and smarter data sharing that help evaluate if a purchase is ‘normal’ or not. For example, considering user location, amount spent and frequency of transactions. This means additional authentication processes are only requested when really needed.

Say if one is making an m-commerce payment on holiday in Australia from a site they’ve never visited before – they may then be taken through some of the new, simpler additional authentication solutions defined. These now include one-time passwords sent via SMS, biometric authentication, use of existing authentication on mobile devices and background authentication checks.

Compelling authentication solution

Thorough testing and certification needs to be championed throughout

Crucially, EMV 3DS is no longer just for payments. The use cases for identification and verification (ID&V) are expanding, so the scope of EMV 3DS has become much broader to include adding cards to a digital wallet, open banking services and financial services apps, etc. EMV 3DS is a compelling authentication solution fit for the digital, omnichannel age. But as with any major system upgrade, implementation does not come without its challenges.

Selecting a trusted partner who understands the nuances and complexities of this new payments infrastructure can help take the strain of compliance. Whether defining and certifying a new solution, or upgrading an existing implementation, thorough testing and certification needs to be championed throughout. This is key to minimising unexpected delays and costs on the path to service launch.

FIME’s long history supporting the industry’s digital transformation and participation in EMVCo enable them to deliver unrivalled expert support for your projects.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?