EMVCo Publishes EMV® 3-D Secure 2.3 to Support More Secure and Convenient E-Commerce Authentication

EMV® 3DS Version 2.3 expands support for digital channels and devices to help issuers, acquirers and merchants fight card-not-present fraud, while improving the consumer experience.

 06 October 2021 – Global technical body EMVCo has enhanced the EMV® 3-D Secure (3DS) Specifications to improve the consumer experience and fraud fighting capabilities for issuers, acquirers and merchants across e-commerce channels and devices. The latest version, EMV 3DS 2.3, has been published following approval of its release by EMVCo’s Board of Advisors.

EMV 3DS 2.3 introduces enhancements to increase flexibility for optimising EMV 3DS implementation across multiple channels and devices, help issuers identify fraudulent transactions more quickly and accurately, and streamline the authentication process for consumers to improve the overall payment experience.

Key updates include:

Greater flexibility to support different technical environments

  • New Split-SDK model with multiple variants makes it easier to implement EMV 3DS across both traditional and non-traditional e-commerce payment channels and devices, such as smart speakers and other IoT devices.

Additional authentication approaches to enhance security and fraud prevention

  • EMVCo has collaborated with the World Wide Web Consortium (W3C) and the FIDO Alliance to include support for WebAuthn (Web Authentication) and SPC (Secure Payment Confirmation) that issuers and merchants can use within the EMV 3DS flow to better determine the legitimacy of a transaction in order to reduce the risk of fraud.

Streamlined consumer authentication

  • Support for device binding, which enables the consumer to be remembered on their device and can reduce the need for an authentication challenge.
  • Automated out-of-band (OOB) transitions, which help the consumer to switch seamlessly between a merchant application and an authentication application.
  • Additional recurring transaction data and EMV Payment Token data, which help issuers to better identify the transaction and can simplify the authentication experience for future purchases.

“Fighting payment fraud and reducing checkout friction is key to businesses delivering a safe and convenient online shopping experience for their customers,” says Robin Trickel, Chair of the EMVCo Executive Committee. “EMVCo continually collaborates with the payments community to look for opportunities to optimise efficiencies, improve usability and promote consistency, without compromising security. We are excited about the potential of EMV 3DS version 2.3 to support the delivery of better, safer checkout experiences in new digital payment scenarios.”

The EMV 3DS Specifications are available on the EMVCo website and include the EMV® 3-D Secure—Protocol and Core Functions Specification, the EMV® 3-D Secure—SDK Device Information, the EMV® 3-D Secure—SDK Specification, and the EMV® 3-D Secure—Split-SDK Specification.

To learn more about the latest EMV 3DS activity, view EMV® Insights.

About EMV 3DS

EMV 3DS is a fraud prevention technology that enables consumer authentication, without adding unnecessary friction to the payment process that often leads to abandoned purchases. Merchants use EMV 3DS to confirm that the consumer making the purchase is the actual cardholder. This authentication process involves the merchant sending data to the issuer so they can approve the transaction, which includes information about the transaction, payment method and device being used. The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate this technology into their solutions.


– ENDS –

For further EMVCo media information please contact David Amos / Chloe Mercer– Tel: +44 113 3501922 or email: david@iseepr.co.uk / chloe@iseepr.co.uk

View PDF

Notes to Editors

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

About EMVCo

EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. EMV is a technology toolbox that enables globally interoperable secure payments across face-to-face and remote environments. Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are available royalty free, designed to be flexible, and can be adapted regionally to meet national payment requirements and accommodate local regulations.

EMVCo is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications. To provide all payment stakeholders with a platform to engage in its strategic and technical direction, EMVCo operates an Associates Programme and encourages all interested parties to get involved.

www.emvco.com | EMV® Insights | LinkedIn | Twitter | An Introduction to EMVCo | YouTube