EMVCo 3DSecure 2.3

It is estimated that over the next decade, card fraud will cost the global card payment industry more than $408 billion. Fraud prevention is critical for online transactions. Consumers, acquirers, merchants, and card issuers all need better security for changing risks.

EMVCo 3-D Secure (EMV 3DS) is a messaging protocol that addresses card fraud. It provides enhanced security when consumers make card-not-present e-commerce transactions. 3DS v2.3 is the latest version of EMV 3DS and has several new features to improve usability and reduce payment friction.

Better User Experience 

EMV 3DS v2.3 improves the payment experience for consumers by streamlining cardholder authentication in several ways.  

Support for Device Binding 

EMV 3DS now supports device binding. Device binding enables e-commerce and card-on-file merchants to remember a consumer’s device. On the challenge screen, cardholders are asked if they wish to be remembered for future transactions. 

Instead of card data, merchants store a token which they can then bind to the cardholder’s devices. The use of one of these devices for future transactions serves as an additional authentication factor. 

Device binding streamlines the authentication process as it doesn’t impact the checkout experience and reduces the need for an additional authentication step. 

Automated Out-of-Band (OOB) Transitions 

Out-of-band authentication can easily lead to transaction failure. OOB is a type of two-factor authentication. It uses verification through a separate communication channel. 

For example, a customer who wants to make a purchase on their laptop will receive a one-time password via text message on their mobile device. Issues associated with transitioning between merchant applications and the authentication application could cause a transaction to fail. 

The latest version of EMV 3-D Secure supports automated out-of-band transitions. The page redirects automatically and therefore improves the transaction success rate. 

More Transaction Data 

EMV 3DS now provides more data about recurring transactions. This applies to situations where a cardholder is approving recurring payments. An example of this is a monthly subscription. 

The new features simplify the authentication process for future purchases. 

Issuers, merchants, and consumers get better visibility into the payment details. Furthermore, the payment is easier to identify and approve. 3DS v2.3 supports a wider range of payment scenarios, including: 

  • A free trial period followed by a recurring subscription fee 
  • Variable payment amount 
  • Variable payment frequency based on usage 

EMV 3DS v2.3 has more EMV payment token data. It helps card issuers make better risk-based decisions. 

Integration of More Devices 

3DS v2.3 has enhancements for integrating new types of devices. The new protocol applies to devices like virtual assistants (Alexa, Siri, etc.). It also applies to IoT (Internet of Things) appliances such as smart TVs. A payment SDK allows the creation of payment applications on these devices. The previous version of 3DS had certified “universal” SDKs. These SDKs let merchants integrate a single SDK into their website or app to meet data and compliance requirements. EMV 3DS v2.3 updates the SDK using a split SDK server model with multiple variants. The split SDK divides functions into a server and client. 

Having a client API simplifies merchant integration. It lets trusted third parties get enhanced device and biometric data from the merchant’s apps. Trusted third parties include: 

  • Delegated authenticators 
  • FIDO relying parties 
  • Risk engines 

This improves the transaction approval rate. 

Merchants and trusted third parties can use data instructions for the client API to define what data the SDK should collect. Examples of enhanced data include: 

  • Device tags 
  • Behavioural biometrics 
  • Fingerprint or facial biometric 

These features reduce the need for authentication step-ups. They make risk scoring more accurate. Applying this standard to IoT devices makes shopping on them more secure. 

New Authentication Method and Fraud Prevention

EMV 3DS supports WebAuthn (Web Authentication) and SPC authentication. Integrating these methods into the EMV 3DS process makes identifying fraudulent transactions easier. 

WebAuthn 

The World Wide Web Consortium (W3C) developed WebAuthn. It is a standard for password-free login. 

WebAuthn is an API standard. It lets servers, applications, websites, and other systems manage and verify registered users without a password. Password-less authentication methods include biometric or possession-based authenticators. 

It is supported by popular web browsers such as Chrome, Microsoft Edge, Firefox, and Safari, as well as their mobile versions. 

WebAuthn also improves security by avoiding the weaknesses of a password-based system. A wide range of browsers, operating systems, and devices accept it, making it a versatile solution. 

You also have the option of single-factor or multi-factor authentication. This can be specifically designed for your system. 

SPC 

SPC (Secure Payment Confirmation) is another API that is being developed by W3C. It supports streamlined authentication during a payment transaction. 

SPC builds on WebAuthn. It adds a payment layer so the card issuer or bank can provide a consistent payment experience. 

SPC has two steps. The first step is where the cardholder links their device to a relying party, which could be either a card issuer or bank. 

Then, the cardholder uses the registered device to confirm their identity directly from the merchant’s platform. When cardholders register an authenticator with the relying party, they can use the authenticator on different merchant sites. 

SPC integrates FIDO (Fast Identity Online) into the EMV 3DS process. FIDO is a set of specifications that define authentication methods without passwords. It replaces traditional one-time passwords with biometric or device-based identification. 
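The payment layer that SPC adds on top of WebAuthn can be seen on the relying party's side, where the issuer or bank checks that the signed client data describes the transaction it expected. The following is an added example, not code from the original article or from any 3DS product: field names follow the W3C SPC draft's client data, all origins, amounts and the challenge are constructed, and signature verification is assumed to be handled by ordinary WebAuthn code.

```javascript
// Added example: issuer-side check of the payment data SPC puts in clientDataJSON.
// Signature and authenticatorData verification are standard WebAuthn and omitted.
function verifySpcClientData(clientDataJSON, expected) {
  let c;
  try {
    c = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
    if (c === null || typeof c !== "object") throw new Error("not an object");
  } catch {
    return ["clientDataJSON is not a JSON object"];
  }
  const errors = [];
  const check = (name, got, want) => { if (got !== want) errors.push(`${name} mismatch`); };
  const p = c.payment || {}, total = p.total || {}, instrument = p.instrument || {};
  // A plain WebAuthn login yields "webauthn.get"; an SPC assertion yields "payment.get".
  check("type", c.type, "payment.get");
  check("challenge", c.challenge, expected.challenge);
  check("rpId", p.rpId, expected.rpId);
  check("topOrigin", p.topOrigin, expected.topOrigin);
  check("payeeOrigin", p.payeeOrigin, expected.payeeOrigin);
  // The amount and instrument shown to the cardholder are part of what was signed.
  check("total.value", total.value, expected.total.value);
  check("total.currency", total.currency, expected.total.currency);
  check("instrument.displayName", instrument.displayName, expected.instrumentName);
  return errors;
}

// Constructed values: what the issuer recorded when it issued the challenge.
const expected = {
  challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
  rpId: "issuer.example",
  topOrigin: "https://merchant.example",
  payeeOrigin: "https://merchant.example",
  total: { value: "19.99", currency: "EUR" },
  instrumentName: "Example Card ****1234",
};

// Constructed clientDataJSON as a browser would return it, with optional overrides.
function sampleClientData(typeOverride, valueOverride) {
  return Buffer.from(JSON.stringify({
    type: typeOverride || "payment.get",
    challenge: expected.challenge,
    origin: expected.topOrigin,
    payment: {
      rpId: expected.rpId, topOrigin: expected.topOrigin, payeeOrigin: expected.payeeOrigin,
      total: { value: valueOverride || "19.99", currency: "EUR" },
      instrument: { displayName: expected.instrumentName, icon: "https://issuer.example/card.png" },
    },
  }));
}
console.log(verifySpcClientData(sampleClientData(null, "1999.00"), expected));
```

An empty array means every field matched; any entry names the field that differs from what the issuer recorded, so an altered amount or a reused login assertion is rejected before the signature result is trusted.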

Better Operating System Information 

During a 3DS payment transaction, the directory server transmits operational information to the 3DS or access control server (ACS) in an operation message. The message will contain more information under 3DS v2.3. This should reduce transaction failures. 

Poor product conditions can lead to transaction failure. The new 3DS standard reports on turnaround times and performance, which allows the directory server to communicate key exchange and certification updates. 

This is another way to streamline the transaction process and improve security. 

Get the Benefits of EMV 3D Secure 2.3

EMV 3DS v2.3 has several enhancements that will benefit consumers, merchants, and card issuers. You can see a higher transaction approval rate without relaxing fraud prevention mechanisms. 

GPayments offers a robust suite of authentication solutions for stakeholders in the online payment process. We provide services for financial institutions, service providers, merchants, and cardholders. 

Our platforms are open and scalable, and our systems integration and customer support help you get the most from the 3DS protocol. 

Request a demo today to find your authentication solution.