EMV® Secure Remote Commerce

EMV® Secure Remote Commerce (SRC) offers an approach to promote security and interoperability within the card payment experience in a remote payment environment.

Specifications

Version Published Description Related Bulletins
1.0 01 Nov 2017 EMV® Secure Remote Commerce Technical Framework See All

Education Materials

FAQs

Q: What is EMV®* Secure Remote Commerce?

A: EMV® Secure Remote Commerce (SRC) offers an approach to promote security and interoperability within the card payment experience in a remote payment environment.

EMV® SRC will facilitate checkout through information stored and managed by an SRC System (e.g. payment network) and SRC System Participants (e.g. issuers and merchants).

EMVCo is defining the specification that enables a merchant to obtain a consistent, secure payload of customer payment information that establishes card validity and can therefore be used to facilitate authorisation through existing channels.

When finalised, it is expected that v1.0 of the EMV® SRC Specification will:

  • Define interfaces to allow for secure exchanges of payment data across participants in the digital commerce environment.
  • Accommodate options for using dynamic data, such as cryptograms or other transaction unique data, to enhance the security of payment transactions on a merchant’s SRC enabled website, mobile app or other e-commerce platform.
  • Enable compatibility with other technologies such as EMV® Payment Tokenisation and EMV® 3-D Secure.
  • Facilitate consumer recognition of a common user experience, indicated by an SRC Mark, which conveys to a consumer that a merchant’s e-commerce environment is enabled for EMV® SRC.

This work is being developed with input from industry participants and will be available to all parties on a royalty-free basis from the EMVCo website once published.

Q: How can EMV® SRC add value to the remote payments environment and what challenges does it address?

A: EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications.

EMV® SRC offers the potential to address challenges within the remote payments environment to promote an enhanced payment experience for consumers.

Remote commerce, also called e-commerce, continues to grow worldwide with the popularity of online purchasing. Remote commerce involves a checkout process whereby a merchant or commerce provider requests a consumer’s permission to use their payment method to complete a transaction. The current remote commerce ecosystem enables payments using a range of integration models and implementation practices. This can create inconsistency and complexity during the consumer’s purchase. Additionally, the key entry, transmission and subsequent storage of live primary account numbers (PAN) introduces potential risk.

Challenges that EMV® SRC can address include the fact that remote commerce is often initiated through the manual entry and storage of the PAN into a website or application by the consumer. In parallel, data storage solutions that utilise usernames and passwords are widely implemented. As a result, the harvesting of manually entered data, or account takeover of established usernames and passwords, are a few examples of the vulnerabilities that can lead to the potential for massive data breaches. Also, the use of malware that exploits system vulnerabilities is increasingly common. EMV® SRC aims to mitigate the impact of such potential risks from occurring.

In addition, the actual method of delivering the payment card data to the merchant is inconsistent. This has led to the development of a variety of solutions, which has created possible further vulnerabilities within the remote commerce environment that can potentially be exploited.

Also, the remote environment has evolved using proprietary solutions, with multiple participants and use cases increasing the complexity associated with technology integration, as independent merchant integration is required to facilitate the exchange of payment data.

EMVCo also recognises the benefits from a more consistent user experience, indicated by an SRC Mark that conveys a secure payments environment to consumers at participating merchants.

EMVCo’s work in this area therefore aims to improve remote transaction security by offering a global and interoperable specification upon which SRC systems can be built to simplify merchant integration, enhance scalability and enable a consistent consumer experience when conducting remote payments.

Q: Why is EMVCo working in this area?

A: The EMV® Chip Specifications have proven successful in limiting fraud at the physical point-of-sale, and EMV® SRC aims to deliver comparable levels of security, interoperability and convenience to enhance the remote payments environment.

EMVCo has the strategic breadth, industry knowledge, and technical depth to develop and maintain frameworks and specifications that can help support secure digital card payments. The EMV® Specifications are flexible to accommodate global needs and can be adapted for regional payment requirements.

In addition to EMVCo’s expertise, the global technical body has an organisational structure that enables collaboration within the payments community, and a well-established track record of technical specification delivery. EMVCo is dedicated to developing globally interoperable specifications as the payment industry continues to evolve.

Fundamentally, EMVCo has the appropriate experience to ensure frameworks and specifications are developed that maintain compatibility with the existing payment infrastructure.

View all related FAQs (PDF)

Get Involved

Draft Specifications and Bulletins are shared with EMVCo Associates and Subscribers, who provide feedback and submit Queries.  They are also eligible to attend relevant meetings to discuss the Specifications.

See ways to participate