EMV® Secure Remote Commerce (SRC) is a set of specifications developed by EMVCo that enable the creation of a ‘virtual payment terminal’. It provides a foundation that will enable industry solutions for the processing of e-commerce transactions in a consistent, streamlined fashion across a variety of remote-checkout environments and consumer devices, including smartphones, tablets, PCs and other connected devices.
|1.0||07 Jun 2019||EMV® Secure Remote Commerce Specifications – API v1.0||See All|
|1.0||07 Jun 2019||EMV® Secure Remote Commerce Specifications v1.0||See All|
04 Sep 2019
|EMV® Secure Remote Commerce and W3C Web Payment Specifications|
29 Aug 2019
|EMV® Secure Remote Commerce – Device Fingerprint Security Statement|
07 Jun 2019
|EMV® SRC Disposition of Comments v0.95|
29 May 2019
|EMV® Secure Remote Commerce – May 2019|
22 Mar 2019
|EMVCo statement: Advances in EMV® Secure Remote Commerce with Publication of Draft Specification v0.95|
28 Feb 2019
|2018: A Year in Review|
19 Oct 2018
|EMV® Secure Remote Commerce Presentation|
10 Oct 2018
|EMV® SRC Draft Specification Release Plan|
15 May 2018
|EMVCo Statement – EMV® Secure Remote Commerce|
Q: What is remote commerce?
A: In a remote commerce transaction, the consumer does not interact with a physical terminal. Remote commerce, also called e-commerce, continues to grow worldwide with the popularity of online purchasing.
Remote commerce involves a checkout process whereby a merchant or commerce provider requests permission to use a consumer’s payment method to complete a transaction.
Q: What is EMV®* Secure Remote Commerce?
A: EMV® Secure Remote Commerce (SRC) is a set of specifications developed by EMVCo that enable the creation of a ‘virtual payment terminal’. It provides a foundation that will enable industry solutions for the processing of e-commerce transactions in a consistent, streamlined fashion across a variety of remote-checkout environments and consumer devices, including smartphones, tablets, PCs and other connected devices.
The EMV® SRC Specifications:
The EMV® SRC Specifications were developed with input from industry participants and are available to all parties on a royalty-free basis from the EMVCo website.
Q: What are the common challenges facing remote commerce?
A: EMV® SRC offers the potential to address common challenges within the remote commerce environment, promoting an easy, smart (i.e. responsive and with recall abilities) checkout experience for consumers:
Q: What are the benefits of EMV® SRC?
A: The benefits of EMVCo’s EMV® SRC initiative are to:
Q: Are the EMV® SRC Specifications flexible?
A: Yes. Although EMV® SRC delivers a level of consistency to facilitate consumer recognition and familiarity, the specifications are flexible to enable a range of experiences.
Q: Why is EMVCo working in this area?
A: EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications.
The EMV® Chip Specifications have proven successful in limiting fraud at the physical point-of-sale, and EMV® SRC aims to help deliver comparable levels of security, interoperability and convenience to enhance the remote payments environment.
EMVCo has the strategic breadth, industry knowledge, and technical depth to develop and maintain frameworks and specifications that can help support secure digital card payments. The EMV® Specifications are flexible to accommodate global needs and can be adapted for regional payment requirements.
In addition to EMVCo’s expertise, the global technical body has an organisational structure that enables collaboration within the payments community, and a well-established track record of technical specification delivery. EMVCo is dedicated to developing globally interoperable specifications as the payment industry continues to evolve.
Fundamentally, EMVCo has the appropriate experience to ensure that frameworks and specifications can be developed in such a way that their respective compatibility with the existing payment infrastructure will be maintained.
Q: What is the payment icon?
A: The SRC payment icon is comprised of a pentagon design oriented on its side with a stylized depiction of a fast forward symbol on the right, formed by a continuous line. The icon shall always appear exactly as shown in the image below and shall never be broken apart or visually altered in any way.
Q: Why has EMVCo developed the payment icon associated with EMV® SRC?
A: The payment icon facilitates easy consumer recognition of websites, apps and other remote-checkout environments that use the EMV® SRC Specifications as a foundation to process card-based payment transactions. When a consumer clicks on the prompt associated with the icon, they can be confident that they are entering a consistent payment space regardless of the payment method or merchant and can expect an easy, smart checkout.
The intention is for the icon to become a trusted visual symbol in remote payment environments, which brings the same level of familiarity and confidence that consumers currently experience when using an EMV® point-of-sale payment terminal at any merchant outlet globally with Contactless or QR icons.
Q: Where can consumers expect to see the payment icon?
A: The icon is available for licensed reproduction across remote-checkout environments that offer payments enabled by the EMV® SRC Specification, including websites and apps.
Q: How can I obtain the payment icon, and what are the requirements for its placement and usage?
A: EMVCo has published a Trademark License Agreement and the Reproduction Requirements to detail the use of the icon and call-to-action across remote-commerce environments. The payment icon, Trademark License Agreement and Reproduction Requirements are available from the EMVCo website for royalty-free usage.
Q: What are the SRC System Operating Images that can appear next to the payment icon?
A: SRC System Operating Images are the unique images referring to an SRC System that will be displayed in association to the SRC Trigger and payment icon.
Q: Will the usage of the payment icon be mandatory across remote-checkout environments that offer EMV® SRC-enabled payments?
A: EMVCo does not mandate the use of the EMV® SRC Specifications nor the associated payment icon. EMVCo also does not mandate which payment methods are presented to consumers within the EMV® SRC experience.
Q: Are there other solutions like EMV® SRC in the marketplace today?
A: Solutions exist today that provide security and convenience. However, each requires a unique integration that adds complexity for merchants and an inconsistent experience for consumers.
EMV® SRC’s objective is to facilitate the secure transmission of data as well as enable a more consistent merchant integration for card payments, much like what occurs at the physical point of sale.
Existing solution providers will have the option to use the EMV® SRC Specifications for their implementations.
Q: Are any other industry bodies working in this area?
A: EMV® SRC is focused on enhancing consistency and security for card-based payments within remote payment environments.
EMVCo aims to work closely with industry participants to capitalise on opportunities for alignment where appropriate.
For example, The FIDO Alliance, EMVCo, and the World Wide Web Consortium (W3C) have created an Interest Group for organisations to collaborate on a vision for web payment security and interoperability.
The Web Payment Security Interest Group complements existing specification-level discussions around EMV® SRC, EMV® 3DS, FIDO Alliance’s FIDO2 specifications, and W3C's Web Authentication and Payment Request APIs. The group also provides the foundation for collaboration around future technical specifications.
Q: Have other industry stakeholders provided input to the EMV® SRC Specifications?
A: The publication of EMV® SRC v1.0 follows a public consultation period on the draft specification in Q4 2018, which allowed as many payment industry participants as possible, including merchants, card issuers and payment networks, the opportunity to review and contribute.
EMVCo has an established Associates Programme that is open to industry stakeholders. Any interested party can become an EMVCo Subscriber. Both EMVCo Associates and Subscribers have engaged in the development of the EMV® SRC Specifications, ensuring that industry feedback has been incorporated.
Q: Will the EMV® SRC Specifications be available to all parties without charge?
A: Yes. The EMV® SRC Specifications are available to all industry participants from EMVCo on a royalty-free basis. The associated payment icon, along with the corresponding Trademark License Agreement and the Reproduction Requirement documentation, is also available from the EMVCo website for royalty-free usage within remote-commerce channels. EMVCo has an established process for delivering payment specifications through open and transparent processes in consultation with industry stakeholders.
Q: How will the EMV® SRC Specifications be adopted by payment systems and other payments stakeholders?
A: As an organisation striving to facilitate enhanced security and interoperability across the payments ecosystem, EMVCo plays an important role in bringing together stakeholder interests among payments industry participants.
While EMVCo has published the EMV® SRC Specifications for any industry participant to adopt on a royalty-free basis for its own remote commerce solutions, EMVCo does not establish obligations, requirements, or otherwise for the adoption and implementation of its specifications. EMVCo does not mandate or enforce EMV® compliance or the implementation policies for issuers, merchants and acquirers, which are handled by payment systems independently outside of EMVCo.
To learn more about the role EMVCo plays within the payments ecosystem, read its Operating Principles, which can be found in the “About EMVCo” section of the website.
Q: Will EMVCo be offering an EMV® SRC testing and certification programme?
A: Due to the evolving nature of the remote payments environment and dynamic advancement of technology within this area, the nature and applicability of such an EMV® SRC testing programme is under consideration.
Q: Are the EMV® SRC Specifications compatible with EMV® 3DS and EMV® Payment Tokenisation?
A: Yes, the EMV® SRC Specifications are compatible with the EMV® 3-D Secure – Protocol and Core Functions Specification (EMV® 3DS) and EMV® Payment Tokenisation Specification – Technical Framework.
EMV® SRC seeks to improve security, simplify merchant integration, enhance scalability and enable a consistent consumer experience for remote payments. It is not intended to be a replacement for EMV® 3DS and EMV® Payment Tokenisation.
EMV® 3DS may optionally be used within EMV® SRC to enable consumers to authenticate themselves with their card issuer during a transaction. EMV® Payment Tokenisation may be used, for example, to restrict usage of a digital card to the remote commerce acceptance channel at a specific merchant.
Q: Will EMVCo be updating the EMV® SRC Technical Framework in line with the updated EMV® SRC Specifications?
A: No. With the publication of the EMV® SRC Specifications, relevant aspects of the EMV® SRC Technical Framework have been incorporated into the specification so revisions to the technical framework will not be necessary.View all related FAQs (PDF)
Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries. They are also eligible to attend relevant meetings to discuss the Specifications.