EMV® Secure Remote Commerce

EMV® Secure Remote Commerce (SRC) offers an approach to promote security and interoperability within the card payment experience in a remote payment environment.

Specifications

Version Published Description Related Bulletins
1.0 01 Nov 2017 EMV® Secure Remote Commerce Technical Framework See All

Education Materials

Version Published Description
1 07 Sep 2018 EMV® Secure Remote Commerce Presentation
1 15 May 2018 EMVCo Statement – EMV® Secure Remote Commerce

FAQs

Q: What is EMV® Secure Remote Commerce?

A: EMV® Secure Remote Commerce (SRC) offers an approach to promote security and interoperability within the card payment experience in a remote payment environment.

EMVCo is defining a technical framework and specification that enables a merchant to obtain a consistent, secure payload of customer payment information that can be used to facilitate authorisation through existing channels.

The framework and specification will:

  • Define interfaces to enable secure exchanges of data between participating entities, which include merchants and issuers.
  • Outline methods to help protect transactions with dynamic data (for example, the transmission of transaction unique data or a unique cryptogram for each transaction).
  • Enable consistent integration of new technologies such as EMV® Payment Tokenisation and EMV® 3-D Secure.
  • Facilitate the delivery of a consistent user experience, indicated by an SRC Mark, which conveys an SRC enabled merchant environment to a consumer.

This work is being developed with input from industry participants and will be available to all parties on a royalty-free basis from the EMVCo website once published.

Q: How can EMV® SRC add value to the remote payments environment and what challenges does it address?

A: EMV® SRC offers the potential to address challenges within the remote payments environment to promote an enhanced payment experience for consumers.

Challenges that EMV® SRC can address include the fact that remote commerce is often initiated through the manual entry and storage of the primary account number (PAN) into a website or application by the consumer. In parallel, data storage solutions that utilise usernames and passwords are widely implemented. As a result, the harvesting of manually entered data and the account takeover of established usernames and passwords are a few examples of the vulnerabilities that can potentially lead to massive data breaches. Also, the use of malware that exploits system vulnerabilities is increasingly common. EMV® SRC aims to mitigate the impact of such potential risks.

In addition, the actual method of delivering the payment card data to the merchant is inconsistent. This has led to the development of a variety of solutions, which has created possible further vulnerabilities within the remote commerce environment that can potentially be exploited.

Also, the remote environment has evolved using proprietary solutions, with multiple participants and use cases increasing the complexity associated with technology integration, as independent merchant integration is required to facilitate the exchange of payment data.

EMVCo also recognises the benefits from a more consistent user experience, indicated by an SRC Mark that conveys a secure payments environment to consumers at participating merchants.

EMVCo’s work in this area therefore aims to improve remote transaction security by offering a global and interoperable technical framework and specification upon which SRC systems can be built to improve security, simplify merchant integration, enhance scalability and enable a consistent consumer experience when conducting remote payments.

Q: Why is EMVCo working in this area?

A: The EMV® Chip Specifications have proven successful in limiting fraud at the physical point-of-sale, and EMV® SRC aims to deliver comparable levels of security, interoperability and convenience to enhance the remote environment.

EMVCo has the strategic breadth, industry knowledge, and technical depth to develop and maintain frameworks and specifications that can help support secure digital card payments.

In addition to EMVCo’s expertise, the global technical body has an organisational structure that enables collaboration within the payments community, and a well-established track record of technical specification delivery. EMVCo is dedicated to developing globally interoperable specifications as the payment industry continues to evolve.

Fundamentally, EMVCo has the appropriate experience to ensure frameworks and specifications are developed that maintain compatibility with the existing payment infrastructure.


Get Involved

Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries. They are also eligible to attend relevant meetings to discuss the Specifications.
