EMV® 3-D Secure

To reflect current and future market requirements, the payments industry recognised the need to create a new 3-D Secure specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. This led to the development and publication of the EMV® 3-D Secure – Protocol and Core Functions Specification. The specification takes into account these new payment channels and supports the delivery of industry leading security, performance and user experience.

Specifications

Version Published Description Related Bulletins
2.1.0 31 Oct 2017 EMV® 3-D Secure SDK—Device Information See All
2.1.0 31 Oct 2017 EMV® 3-D Secure—SDK Specification See All
2.1.0 30 Oct 2017 EMV® 3-D Secure Protocol and Core Functions Specification See All

Approved Products

Acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV® Specification for its stated purpose.  Approved Products may refer to either the 3DS Server, Directory Server (DS), Access Control Server (ACS) or 3DS SDK.

See Providers

3-D Secure Component Product Providers refers to any Vendor or Service Provider that provides a 3-D Secure Component (3DS SDK, 3DS Server, Access Control Server or Directory Server) for the purpose of facilitating a 3-D Secure transaction with the acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV® Specification for its stated purpose.

Registration Number

A unique identification number assigned by EMVCo to a 3DS Product Provider.  The 3-D Secure Component Product Providers will need to register with EMVCo and/or with a Test Platform Provider prior to testing.   Only one Product Provider Registration is required.

FAQs

Q: What is EMV® 3-D Secure?

A: EMV® Three-Domain Secure (3DS) is a messaging protocol developed by EMVCo to enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protects the merchant from CNP exposure to fraud. The three domains consist of the merchant / acquirer domain, issuer domain, and the interoperability domain (e.g. Payment Systems).

Q: What is the expected launch date of the EMVCo test platform? (Updated)

A: The EMVCo test platform is expected to launch in Q2 2018. The initial launch will support frictionless transaction flows and 3DS Vendors will be able to create projects and begin testing. Full test platform launch is expected in Q3 2018 which will support all transaction flows and will enable EMVCo to begin issuing Letters of Approval (LOAs).

Q: 3-D Secure is already used by the market. Why has a new specification been created?

A: To reflect current and future market requirements, the payments industry recognised the need to create a new specification that would support app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. This led to EMVCo’s development of a new industry specification: EMV® 3-D Secure—Protocol and Core Functions Specification (EMV® 3DS Specification)– that takes into account these new payment channels and supports the delivery of industry leading security, performance and user experience.

View all related FAQs (PDF)

Get Involved

Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries.  They are also eligible to attend relevant meetings to discuss the Specifications.

See ways to participate