SIGN UP LOG IN

Secure Remote Commerce

Secure Remote Commerce (SRC) is a common approach that provides security and interoperability to deliver the safest card payment experience in a remote environment. It aims to enable the secure exchange of payment information through common interfaces between participating entities, which may include, for example, merchants and issuers.

Specifications

Version Published Description Related Bulletins
1.0 01 Nov 2017 EMV® Secure Remote Commerce Technical Framework See All

FAQs

Q: What is EMV® Secure Remote Commerce?

A: EMV® Secure Remote Commerce (SRC) offers a common approach to promote security and interoperability within the card payment experience in a remote payment environment. EMVCo is defining a technical framework and specification that enables a merchant to obtain a consistent, secure payload that can be used to facilitate authorisation through existing channels. The framework and specification will:

  • Define common interfaces to enable secure exchanges of data between participating entities, which include merchants and issuers.
  • Outline methods to help protect transactions with dynamic data (for example, the transmission of a unique cryptogram for each transaction).
  • Enable consistent integration of new technologies such as EMV® Payment Tokenisation and EMV® 3-D Secure.
This work is being developed with input from industry participants and will be available to all parties on a royalty-free basis from the EMVCo website.

Q: How can EMV® SRC add value to the remote payments environment and what challenges does it address?

A: EMV® SRC offers the potential to address challenges within the remote payments environment to promote an enhanced payment experience for consumers.

Challenges that EMV® SRC can address include the fact that remote commerce is often initiated through the manual entry and storage of the primary account number (PAN) into a website or application by the consumer. In parallel, data storage solutions that utilise usernames and passwords are widely implemented. As a result, the harvesting of manually entered data, or account takeover of established usernames and passwords, are a few examples of the vulnerabilities that can lead to massive data breaches. Also, the use of malware that exploits system vulnerabilities are increasingly common. SRC aims to mitigate the impact of such issues.

In addition, the actual method of delivering the payment card data to the merchant is inconsistent. This has led to the development of a variety of solutions, which has created possible further vulnerabilities within the remote commerce environment that can potentially be exploited.

Also, the remote environment has evolved using proprietary solutions, with multiple participants and use cases increasing the complexity associated with technology integration, as independent merchant integration is required to facilitate the exchange of payment data.

EMVCo’s work in this area therefore aims to improve remote transaction security by offering a global and interoperable technical framework and specification upon which SRC systems can be built to improve security, simplify merchant integration and enable a consistent consumer experience for remote payments.

Q: Why is EMVCo working in this area?

A: The EMV® Chip Specifications have proven successful in limiting fraud at the physical point-of-sale, and EMV® SRC aims to deliver comparable levels of security, interoperability and convenience to increase confidence across the remote environment.

EMVCo has the strategic breadth, industry knowledge, and technical depth to develop and maintain frameworks and specifications for digital card payments.

In addition to EMVCo’s expertise, the global technical body has an organisational structure that enables collaboration within the payments community, and a well-established track record of technical specification delivery. EMVCo is dedicated to developing globally interoperable specifications as the payment industry continues to evolve.

Fundamentally, EMVCo has the appropriate experience to ensure frameworks and specifications are developed that maintain compatibility with the existing payment infrastructure.

View all related FAQs (PDF)

Get Involved

Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries.  They are also eligible to attend relevant meetings to discuss the Specifications.

See ways to participate