EMV® 3DS – paving the way for seamless authentication
February 11, 2020
Jean Fang, Product Manager, FIME
The growth of e-commerce, m-commerce and remote commerce transactions is showing no signs of slowing down. In 2021, over 2.14 billion people worldwide are expected to buy goods and services online, up from 1.32 billion in 2014. The growth of card-not-present (CNP) transactions has driven a new age of consumer convenience but in parallel, a new age of fraud.
As EMV®* chip card adoption gathers momentum, with 76.7% of card-present transactions being EMV, fraudsters are looking for an easier way in. And the stats speak for themselves – digital fraud rates now account for 60-70% of all card fraud in many developed countries. In fact, it was even estimated that the gains made from savings in card-present fraud were eclipsed in 2018 by the losses from CNP fraud. This is not only affecting approval rates but also all-important consumer trust. So, what can be done? EMV 3-D Secure – EMV 3DS for short – is one solution that’s leading the way in the CNP ‘catch up’.
What is EMV 3-D Secure?
EMV 3DS is a messaging protocol used to identify and verify cardholders for CNP transactions. The specification improves communication between the issuing bank, the acquirer and the merchant. By doing more work ‘in the background’, it’s able to streamline the user experience, improve approval rates and reduce fraud. These features allow it to offer a frictionless online authentication solution.
The first version of the messaging protocol was initiated by Visa and was quickly followed by other international payment schemes. This was a fragmented and complex solution for the industry, however. Now, industry body EMVCo has taken ownership and is managing the evolution of the specifications.
The latest version of the EMV 3DS specifications includes new features to address the pain points of the old protocol. These improvements aim to deliver consumers a much smoother experience and keep transactions safe from new techniques employed by fraudsters. Let’s take a look at the new features and how they can improve the digital retail experience.
More authentication options
One of the new features set to enhance the consumer experience is the support for biometric technology that consumers have gained access to recently. Many shoppers are now familiar with a variety of biometric authentication methods, such as facial and fingerprint recognition. For some it is still a novelty to pay using your face, but this doesn’t mean it’s not a priority; it’s predicted that we’ll see nearly 90% of businesses using it by 2020.
The act of replacing ineffective static passwords with more complex authenticators is much more secure and user-friendly. Implementing support for these methods of authentication can help merchants with their aims to reduce cart abandonment. 28% of U.S. online shoppers have previously admitted to quitting orders due to checkout processes being too long or complicated and 17% said that they have abandoned checkout because they didn’t trust the website with their credit card information. Therefore, striking the right balance between convenience and security is fundamental.
The increase of choice isn’t just limited to more authentication options than before. Another new feature of the latest version of EMV 3DS enables both customers and merchants to have greater input. Customers will be able to ‘whitelist’ merchants with their issuer when setting up, say, a recurring purchase. This lets banks know a full review is not required, reduces customer prompts and can help support banks in risk ‘scoring’ merchants.
By feeding more data elements collected from the shoppers to the issuers, merchants can further improve the frictionless transaction experience. This increase of choice for customers, merchants and issuers benefits all parties, as it gives customers an easier experience and provides valuable customer data that can be used to inform the development of new services.
Another feature that has been added to the latest version of EMV 3DS is the support for new use cases, including identification and verification applications, as well as payments. While these use cases are still being explored and defined, they could include features such as being able to add a new payment card to a mobile wallet and open a new account online. And it’s not just consumer use-cases that are being explored. In the future, EMV 3DS could even be used by governments to authenticate citizens.
Alignment with new regulation
Simplifying alignment with regulatory requirements is another major bonus of EMV 3DS, especially with an increasing number of countries mandating multifactor authentication in CNP environments. Take Europe’s PSD2 and the strong customer authentication (SCA) mandates, for example. Implementing EMV 3DS offers banks an opportunity to utilize the same infrastructure to process SCA as well as EMV 3DS transactions. With more data included in the message requests, indications such as whether Acquirer SCA or a transactional risk analysis (TRA) have already been performed, or if a customer utilized a FIDO authenticator, can simplify the authentication process.
Next steps to implementation
Wherever in the online payments chain you sit, EMV 3DS is a compelling authentication solution fit for the omnichannel age, especially now it includes these new elements. But, as with any major system upgrade, implementation does not come without its challenges and testing requirements.
Before embarking on an EMV 3DS project – whether an entirely new system or upgrading a legacy system – there are three key stages of testing to consider: functional, security and integration with payment schemes.
Understanding what scope of testing falls to each stakeholder and navigating the three stages quickly and cost-effectively can be a challenge. And it’s here where support from a reliable testing and consulting expert on EMV 3DS can be invaluable.
To learn more about the key considerations and challenges when migrating to EMV 3DS, read our eBook.
*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
Categorised in: Blog