How EMV^® Specifications are Supporting Online Commerce

The increasing digitalisation of global economies, along with the unprecedented growth in online commerce, means that consumers and businesses are demanding more from payments. In this post, Brian Byrne, EMVCo Director of Engagement and Operations, explains how the EMV^® Specifications have evolved beyond EMV Chip to support technologies that enable reliable and convenient online commerce.

A recent report from the Federal Reserve Bank of Boston notes that “consumers not only have higher expectations when it comes to online security, but they also expect their digital transactions to be faster and more convenient.”

But as digital payment volumes soar across various channels, inconsistent processes and fragmentation are undermining the ability to deliver a safe and seamless online experience.

To address these challenges, a consistent, joined-up approach is clearly required. This is why global initiatives like EMV Specifications have such a critical role to play.

Consider the EMV Chip Specifications, which provide a blueprint for chip cards and terminals to work in the same way, no matter where they are used. With over ten billion EMV chip cards now in global circulation (and one billion in the U.S. alone), this success provides a model for bringing consistency to online commerce. For this reason, EMV Specifications have evolved beyond EMV chip to support technologies that enable reliable and convenient online commerce.

How EMV Specifications support online commerce

EMVCo has developed EMV 3-D Secure (EMV 3DS), EMV Secure Remote Commerce (EMV SRC) and EMV Payment Tokenisation Specifications. These technologies can be used together or separately and, like all EMV Specifications, are available on a royalty-free basis to allow their universal and consistent use.

The EMV SRC Specifications enable a common consumer e-checkout, Click to Pay, and provide the opportunity for all merchants, regardless of size, to offer trusted, safe and convenient card-based payments to consumers shopping online.

EMV Payment Tokenisation is the process of replacing a consumer’s primary account number (PAN) – the long number on payment cards used to make purchases – with a unique payment token. This offers consumers and merchants the ability to protect payment data throughout a transaction to support security.

And EMV 3DS is a fraud-prevention technology that enables consumers to authenticate themselves with their card issuer. EMV 3DS supports data-driven and risk-based decisioning that encourages frictionless authentication and minimises the potential for false declines. For most transactions, the consumer clicks or taps online and the payment is approved (while higher risk transactions reassuringly still require an additional layer of security, such as a biometric).

The benefits these technologies deliver to the U.S. payments industry are evident. The U.S. Payments Forum continues to “encourage implementation of fraud fighting tools like [EMV] 3DS, [EMV] Secure Remote Commerce and others.” And the Federal Reserve Bank of Atlanta has commented that “the [U.S. payments] industry is undoubtedly in a much better position today to mitigate CNP fraud than it was in the early days of EMV adoption in other countries.”

Understanding the importance of industry collaboration

Of course, the work is not done. The Federal Reserve Bank of Boston highlights that “industry stakeholders should collaborate to […] ensure that common industry protocols are aligned, interoperable, and scalable.” This is exactly what EMVCo is doing.

EMVCo engages with hundreds of organisations around the world to develop and advance EMV Specifications. For online commerce, this has included work with the merchant, travel and video gaming communities to understand and address specific requirements. The latest iteration of the EMV 3DS Specification (which will be published this year) is testament to this extensive engagement and includes various enhancements to address industry needs for security, performance and user experience.

EMVCo also works closely with other industry associations and technical bodies. For example, in 2019, EMVCo, FIDO Alliance and W3C collaborated to create the Web Payments Security Interest Group (WPSIG) to enhance the security and interoperability of web payments. The group’s charter has now been renewed until at least 2023.

Continuing this broad collaboration is essential as the EMV Specifications continue to evolve to meet the new challenges and opportunities presented by online commerce, including the growth of transactions through voice-activated and IoT devices, the blurring of in-store and online payment experiences, and the increasing sophistication of fraudsters.