What is EMV 3D Secure?
8 July, 2019 by
Jean FANG, Product Manager & Stéphanie PIETRI, Communications Director

Consumers are managing their financial services in more digital and diverse ways than ever before. But as card-not-present (CNP) transactions across e-commerce, m-commerce and remote commerce rise across the globe, so does fraud. Adding security without simply creating more points of friction is a real challenge, but one that EMV® 3-D Secure protocol – EMV 3DS for short – is trying to combat.

The protocols are generating real interest across the industry, but what exactly is EMV 3DS? And what are the key considerations stakeholders in the online payments and financial services world should be making?

EMV 3DS – the background, the basics

Three-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactions. It creates a standardized, harmonized and secure authentication solution for all stakeholders: merchants, issuers, acquirers and schemes.

Initiated by Visa and followed by other payment schemes such as Mastercard. A new version of EMV 3DS has now been developed and is being maintained by the industry body, EMVCo.

We can break the main goals of the latest EMV 3DS specifications into three:

Increase approval rates

Fundamentally, achieving this boosts the total volume of transactions and increases revenues for retailers, banks and schemes alike.

Reduction of fraud

Merchants or issuing banks have historically been liable for fraudulent chargebacks, but now the responsibility is shifting depending on which version of EMV 3DS is supported during the authentication. EMV 3DS risk-based-authentication helps reduce fraud and brings huge savings, as well as more confident consumers.

Enhance the user-experience

Improved online authentication solutions – remembering the 3rd, 4th and 7th digit of a password set five years ago, for example – are far from user-friendly. And the stats speak for themselves: eCommerce cart abandonment rate is at nearly 70%, and around 28% of US online shoppers admit to quitting orders due to checkout processes being too long or complicated.

Cutting out complex additional steps for consumers will reduce cart abandonment and result in better sales for retailers (as well as customers happier to return!).

So how does EMV 3DS work?

By improving communication ‘in the background’ between the issuing bank, the acquirer and the merchant, EMV 3DS streamlines the user experience. At a high level, basic account holder information can now be automatically retrieved and verified without additional consumer input.

EMVCo's latest specifications include advanced algorithms and sophisticated risk-based decision making to determine if shopping is "successful" with smarter data sharing. For example, the location of the user, the amount paid, and the frequency of the transaction are factors. This means that no additional authentication is required except when really needed.

Say I’m making an m-commerce payment on holiday in Australia from a site I’ve never visited before – I may then be taken through some of the new, simpler additional authentication solutions defined.

These now include one-time passwords sent via SMS, biometric authentication, use of existing authentication on mobile devices and background authentication checks.

Crucially, EMV 3DS is no longer just for payments. The use cases for identification and verification (ID&V) are expanding, so the scope of EMV 3DS has become much broader to include adding cards to a digital wallet, open banking services and financial services apps, etc.

Next steps to EMV 3DS implementation

EMV 3DS is a compelling authentication solution fit for the digital, omnichannel age. But as with any major system upgrade, implementation does not come without its challenges.

Selecting a trusted partner who understands the nuances and complexities of this new payments infrastructure can help take the strain of compliance. Whether defining and certifying a new solution, or upgrading an existing implementation, thorough testing and certification needs to be championed throughout. This is key to minimizing unexpected delays and costs on the path to service launch.

FIME’s long history supporting the industry’s digital transformation and participation in EMVCo enable us to deliver unrivalled expert support for your projects.