EMVCo has published the EMV® 3DS Payment Token Message Extension and supplemental white paper to help card issuers and merchants to optimise the EMV 3-D Secure (EMV 3DS) authentication experience for online shoppers when EMV Payment Tokens are in use, enhancing the fraud-prevention benefits that EMV 3DS provides. In this post, EMVCo Director of Technology Bastien Latge provides insight into how these resources can be used to help deliver a more secure and seamless e-commerce payment experience for the consumer, benefiting all parties in the payment process.
What has EMVCo published?
EMVCo has published an EMV® 3-D Secure (EMV 3DS) Payment Token Message Extension, which details how payment token related data elements can be included in an EMV 3DS message used for authentication. To support the use of the message extension, EMVCo has also published a white paper, which outlines use cases and flows when a EMV 3DS e-commerce transaction uses an EMV Payment Token.
What is the role of EMV 3DS and EMV Payment Tokenisation in card payments?
EMV 3DS is a fraud-prevention technology used for authenticating the consumer in e-commerce card-based payment transactions.
The EMV 3DS Specification provides a common set of requirements product providers can use to integrate this technology into their solutions to support seamless and secure e-commerce payments.
A particularly sensitive piece of payment data when shopping online is the primary account number (PAN) – the number on payment cards that is used to make purchases. EMV Payment Tokenisation provides a technology solution for replacing the PAN and securing digital and online payments.
The EMV Payment Tokenisation Framework supports the development of products that enable a payment token to be used in a payment transaction from point of purchase, passing across the payment networks between acquirers and card issuers, through to payment authorisation by the card issuer.
What is an EMV 3DS message extension?
Specifically, EMV 3DS technology enables the exchange of data, or ‘messages’, between the merchant, payment card issuer and in some cases, the consumer, to authenticate the consumer and reduce the risk of fraud. This data includes hundreds of details about the transaction, payment method and device information.
Issuers use this data as part of their risk analysis to determine how the consumer is authenticated in an EMV 3DS e-commerce transaction.
The EMV 3DS Specification is flexible to allow issuers to accommodate their authentication preferences. EMV 3DS message extensions are documents that support the EMV 3DS Specification to provide additional data elements that issuers can use to better verify the authenticity of e-commerce transactions.
Why is EMVCo introducing these resources?
EMVCo developed the EMV 3DS Payment Token Message Extension and use cases white paper to meet stakeholders’ request for support and guidance on using payment token data to optimise the EMV 3DS authentication process.
EMV Payment Tokens are used across the payments ecosystem to increase the security of card-based transactions by replacing the PAN with a unique alternative value. EMVCo Associates identified an opportunity to leverage this technology in the EMV 3DS authentication process to improve issuer decision making and the consumer experience.
With this input, the EMV 3DS and EMV Tokenisation Working Groups drafted the extension and supporting white paper and in dialog with EMVCo Associates and Subscribers in a 3DS Special Interest Meeting (SIM), updated and finalised the documents for public use.
What industry need are the resources designed to help address?
The resources are designed to help issuers and merchants to optimise the consumer authentication experience for online shoppers when EMV Payment Tokens are in use, enhancing the fraud-prevention benefits that EMV 3DS provides.
For higher risk e-commerce transactions, an issuer may decide that additional consumer authentication is needed, in the form of an ‘authentication challenge’, such as a one-time passcode, knowledge-based questions, biometrics or other method. As the challenge process involves another step for the consumer to take in order to complete their purchase, issuers and merchants are interested in ways to achieve the same level of security without adding friction to the shopping experience.
Using the payment token data, issuers have more information that can help them better identify the transaction and the consumer and reduce the need for an authentication challenge. For example, if the payment token was provided to a specific merchant and that merchant is the merchant for the transaction, or if the payment token is linked to a specific consumer device and the transaction is initiated on that device, these elements may reduce the risk rating for the transaction to allow it to proceed without an authentication challenge.
What are the benefits of these resources for the payments community?
The EMV 3DS Payment Token Message Extension and white paper can be used to help deliver a more secure and seamless e-commerce payment experience for the consumer, benefiting all parties in the payment process.
With the additional payment token information, issuers are equipped to make better risk-based decisions, reducing the need for an additional authentication step for consumers. This means merchants benefit from improved transaction approval rates and a faster, more secure authentication process for their customers.
Is the use of the extension mandatory?
No. The use of the message extension is optional and does not impact interoperability.
Implementers of EMV 3DS solutions who operate within payment ecosystems that have implemented EMV Payment Tokenisation solutions can use this extension to leverage more data elements to support a variety of use cases, as outlined in the supporting white paper.
Which versions of EMV 3DS does the extension support?
The message extension supports 3DS v2.1 and v2.2. Based on the industry’s request for payment token data to be supported, in 3DS v2.3 the payment token data will be included as part of the core specification. The extension capabilities are being integrated into 3DS v2.3. In the meantime, the extension provides a way for using payment token information in current implementations.