EMV® 3-D Secure (EMV 3DS) helps payment card issuers and merchants around the world prevent card-not-present (CNP) fraud and increase the security of e-commerce payments.
Fighting payment fraud and checkout friction is key to businesses delivering a safe and convenient digital shopping experience for their customers. Payment card issuers and merchants use EMV 3DS to seamlessly authenticate consumers and safeguard against card-not-present (CNP) fraud.
EMV 3DS enables the exchange of data, or messages, between the merchant and the issuer to authenticate the consumer and approve the transaction. The data includes information about the transaction, payment method and device. Using this data, issuers can identify and prevent fraudulent card transactions quickly and accurately, without adding unnecessary friction to the payment process that often leads to abandoned purchases.
The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate this technology into their solutions to support seamless and secure e-commerce payments.
EMVCo maintains the EMV 3DS Specifications and supporting approval processes, and collaborates with the PCI Security Standards Council on the security evaluation of EMV 3DS solutions.
EMV 3DS helps issuers, acquirers and merchants prevent fraud across e-commerce channels and devices, while optimising the user experience for consumers.
An additional layer of security helps issuers, acquirers and merchants better prevent CNP fraud and ensure that the payment process is seamless for their customers.
Rich data and flexible authentication methods help improve the decision-making process for issuers to determine the legitimacy of a transaction. This results in increased transaction approval rates and fewer false declines.
Consumers can use their preferred devices to shop online and expect quicker, easier authentication, fewer purchases inaccurately declined, and confidence in the safety of the transaction.
EMV 3DS is an e-commerce fraud prevention protocol that enables consumer authentication for CNP purchases, without adding unnecessary friction to the checkout process.
EMV 3DS helps payment card issuers identify unauthorised e-commerce transactions quickly and accurately to prevent CNP fraud. It enables the exchange of data between the merchant and the payment card issuer to verify that the individual making a purchase with a payment card is the legitimate user of the card.
For e-commerce purchases where EMV 3DS solutions are used, the process works as follows:
The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate EMV 3DS technology into their solutions to support seamless and secure e-commerce payments.
The EMV 3DS Specifications:
An EMV 3DS transaction utilises consumer data for the purpose of evaluating risk to prevent fraud. Merchants and issuers using this data for this purpose are responsible for complying with applicable privacy laws.
The Opinion of the European Banking Authority (EBA) published on 21 June 2019 recognised that protocols such as EMV 3DS provide a means for merchants and issuers to support the use of SCA.
Specifically, EMV 3DS supports SCA by enabling the use of two-factor authentication.
Its flexibility allows issuers to accommodate their authentication preferences. Moreover, issuers can consider risk and regulatory factors in deciding how the customer will be authenticated – for example, using a one-time passcode, knowledge-based questions or biometrics.
The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to ensure customer convenience, limiting fraud through data sharing and transaction risk analysis, and enable the use of exemptions set out in the Regulatory Technical Standards (RTS).
While EMV 3DS 2.1 supports SCA, EMVCo recommends that v2.2 (or higher) should be considered to access the optimum functionality.
EMVCo maintains interactive EMV 3DS UI/UX Design Guidelines to help card issuers, merchants and solution providers optimise the EMV 3DS payment authentication experience for e-commerce consumers.
The Browser Best Practices are designed to help merchants and issuers better leverage the security features of EMV 3DS to ensure that all parties are protected during the transaction process, and consumers can expect a smooth and consistent checkout.
Developed in collaboration with FIDO Alliance, this EMVCo Whitepaper provides guidance to merchants, card issuers, acquirers and processors on how FIDO Authentication Data can be used in EMV 3DS messages to reduce fraud and friction for consumers in the payment process.
More than a hundred organisations – including merchants, issuers, acquirers, payment networks, financial institutions, manufacturers, technology providers and testing laboratories – contribute their knowledge and expertise to the development of EMV Specifications.
EMVCo Associates can contribute their knowledge and expertise to shape the development of EMV Specifications.
EMVCo Subscribers can receive notice of pending EMV Specification developments and participate in a formal dialogue with EMVCo.
All industry participants can review and provide comments on new EMV Specifications and major updates before final publication.
EMVCo's new website and Participant Dashboard are now live. To access your account for the first time on our new website you'll need to carry out a password reset here. You will then be sent an email to reset your password.
EMVCo Associates, Subscribers and public users of emvco.com can create accounts to manage their engagement and participation with EMVCo. Using your EMVCo account, you can create your own watchlist of EMV technologies documents, monitor queries and responses, and manage your profile.