EMVCo updates 3-D Secure specs, compliance testing
EMVCo has established a new specification for updated 3-D Secure e-commerce fraud prevention that will be the basis by which the EMV standards body will test the new protocol for security compliance.
The updated specification document follows the release of EMVCo's 2.0.0 specification in October 2016 and adds functions and enhancements for secure consumer e-commerce transactions across channels and devices.
Updates in the 2.1.0 specification will enable merchant-initiated account verification, provide clarifications on submitting a recurring or installment payment request to the issuer, and establish improvements to out-of-band authentication transaction flows that will improve customer experience.
EMVCo says its testing program to approve compliant 3-D Secure software in the 2.1.0 version will launch in 2018.
“With e-commerce use-cases expanding worldwide and new technologies emerging, EMV 3D-Secure provides a consistent, global solution to authenticate users and deliver industry leading security and performance, without compromising user experience,” Jack Pan, EMVCo's executive committee chair, said in an Oct. 31 press release.
In addition to the testing to evaluate 2.1.0 compliance, EMVCo is also working with the Payment Card Industry Security Standards Council to align with PCI's recently released 3-D Secure standard and related assessment programs.
“To further enhance and refine 3-D Secure, EMVCo has actively encouraged industry participation and input from individuals, companies and industry bodies," Cheryl Mish, EMVCo's board of managers chair, said in the release.
"We have leveraged this engagement to advance the specification and ongoing testing activity to best address the long-term requirements of consumers and the various stakeholders working in this space,” Mish added.