EMV® 3-D Secure

To reflect current and future market requirements, the payments industry recognised the need to create a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. This led to the development and publication of the EMV® 3-D Secure – Protocol and Core Functions Specification. The specification takes into account these new payment channels and supports the delivery of industry leading security, performance and user experience.

Specifications

Version Published Description Related Bulletins
2.2.0 13 Dec 2018 EMV® 3-D Secure Protocol and Core Functions Specification See All
2.2.0 13 Dec 2018 EMV® 3-D Secure—SDK Specification See All
2.1.0 31 Oct 2017 EMV® 3-D Secure SDK—Device Information See All
2.1.0 30 Oct 2017 EMV® 3-D Secure Protocol and Core Functions Specification See All

See all current specifications for 3-D Secure

Approved Products

Acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV® Specification for its stated purpose.  Approved Products may refer to either the 3DS Server, Directory Server (DS), Access Control Server (ACS) or 3DS SDK.

See Providers

3-D Secure Component Product Providers refers to any Vendor or Service Provider that provides a 3-D Secure Component (3DS SDK, 3DS Server, Access Control Server or Directory Server) for the purpose of facilitating a 3-D Secure transaction with the acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV® Specification for its stated purpose.

Registration Number

A unique identification number assigned by EMVCo to a 3DS Product Provider.  The 3-D Secure Component Product Providers will need to register with EMVCo and/or with a Test Platform Provider prior to testing.   Only one Product Provider Registration is required.

FAQs

Q: What is EMV® 3-D Secure?

A: EMV® Three-Domain Secure (3DS) is a messaging protocol developed by EMVCo to enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protects the merchant from CNP exposure to fraud. The three domains consist of the merchant / acquirer domain, issuer domain, and the interoperability domain (e.g. Payment Systems).

Q: What is the expected launch date of the EMVCo test platform? (Updated)

A: The EMV® 3DS test platform is now live and available for EMV® 3DS v2.1.0 product testing and approval. Progress updates regarding testing support for EMV® 3DS v2.2.0 will be posted on the EMVCo website.

Q: 3-D Secure is already used by the market. Why has a new specification been created?

A: To reflect current and future market requirements, the payments industry recognised the need to create a new specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. This led to EMVCo’s development of a new industry specification: EMV® 3-D Secure—Protocol and Core Functions Specification (EMV® 3DS Specification)– that takes into account these new payment channels and supports the delivery of industry leading security, performance and user experience.

View all related FAQs (PDF)

Get Involved

Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries.  They are also eligible to attend relevant meetings to discuss the Specifications.

See ways to participate