EMV^® Secure Remote Commerce

Q: What is remote commerce?

A: In a remote commerce transaction, the consumer does not interact with a physical terminal. Remote commerce, also called e-commerce, continues to grow worldwide with the popularity of online purchasing.

Remote commerce involves a checkout process whereby a merchant or commerce provider requests permission to use a consumer’s payment method to complete a transaction.

Q: What is EMV Secure Remote Commerce?

A: The EMV Secure Remote Commerce (SRC) Specifications enable a common consumer e-checkout that promotes simplicity, familiarity, interoperability convenience and trust.

Consumer-facing solutions and programmes based on the EMV SRC Specifications can be described as Click to Pay. This universal description enables ease of recognition for consumers, and signals that a consumer can confidently transact through an easy e-checkout, regardless of the payment card, digital channel or device they use.

The corresponding icon , described as the Click to Pay icon, signals availability at participating merchants. Alternatively, Click to Pay will be used in text as descriptive language if an e-merchant is unable to visually display the icon.

The EMV SRC Specifications:

• Define interfaces to allow for secure exchanges of payment data across participants in the remote commerce environment.
• Accommodate options for using dynamic data, such as cryptograms or other transaction unique data, to enhance the security of payment transactions on a merchant’s SRC-enabled website, mobile app or other e-commerce platform.
• Enable compatibility and interoperability with other technologies such as EMV 3-D Secure and EMV Payment Tokenisation.
• Provide an Application Programming Interface (API) Specification and Java Script Software Development Kit (SDK) Specification to support common integration.
• Facilitate consumer recognition of a common user experience, indicated by the icon, which signals to a consumer that EMV SRC is being used as a foundation to process card-based payment transactions in remote-checkout environments.
• Provide User Interface Guidelines and Requirements.

The EMV SRC Specifications were developed with input from industry participants and are available to all parties on a royalty-free basis from the EMVCo website.

Q: What are the common challenges facing remote commerce?

A: By promoting a simple, secure and interoperable checkout experience for consumers, EMV SRC offers the potential to address common challenges within the remote commerce environment:

• Increasing card not present (CNP) fraud
  
  The key entry, transmission and subsequent storage of live primary account numbers (PAN) introduces potential risk.
  
  Remote commerce is often initiated through the manual entry and storage of the PAN into a website or application by the consumer. In parallel, data storage solutions that utilise usernames and passwords are widely implemented.
  
  As a result, the harvesting of manually entered data, account takeover of established usernames and passwords, or use of malware are a few examples of the vulnerabilities that can lead to the potential for massive data breaches.
  
  In addition, the actual method of delivering the payment card data to the merchant is inconsistent. This has led to the development of a variety of solutions, which has created possible further vulnerabilities within the remote commerce environment that can potentially be exploited.
  
  EMV SRC aims to mitigate such potential risks from occurring (see benefits section below to understand how).
• Checkout friction
  
  The current remote commerce ecosystem enables payments using a range of integration models and implementation practices. This can create inconsistency and complexity during the consumer’s purchase.
  
  A consistent user experience, indicated by the icon, conveys to consumers that they can expect an easy, smart, interoperable checkout wherever it appears, regardless of which payment card or remote-checkout environment they use.
  
  Also, the reduced need for entering card and shipping information has the potential to lower shopping cart abandonment for merchants.
• Ecosystem complexity
  
  The remote environment has evolved using proprietary solutions, with multiple participants and use cases increasing the complexity associated with technology integration.
  
  EMVCo’s work in this area aims to offer a global and interoperable specification upon which SRC solutions can be built to simplify merchant integration, enhance scalability and enable a consistent consumer experience.

View all related FAQs (PDF)