EMV® 3-D Secure (EMV 3DS) version 2.3 introduced additional authentication approaches that enhance security and fraud prevention. In our latest webcast, EMV 3DS Working Group Chair, Elint Chu, explains key updates in this version, including how it provides streamlined consumer authentication to minimise friction and optimise the payment experience.
EMV 3-D Secure (EMV 3DS) is an e-commerce fraud prevention technology that enables consumer authentication for card-not-present (CNP) purchases, without adding unnecessary friction to the checkout process.
The EMV 3DS Specifications provide a common set of requirements product providers can use to integrate this technology into their solutions to support seamless and secure e-commerce payments.
EMV 3DS solutions help card issuers to identify fraudulent transactions more quickly and accurately, so that merchants can prevent e-commerce fraud with minimal disruption to the purchase process, and consumers can expect a safe and easy checkout experience.
1. For issuers, it enables enhanced authentication and fraud management
2. For merchants, it offers greater security and reduced friction
3. And consumers get a better, safer checkout experience
The consumer only sees a simple process:
- For many transactions, they simply click or tap online, and the payment is approved.
- For some transactions, issuers may determine that further authentication is needed – for example, because of an unusual purchase pattern that does not fit with the consumer profile. In such cases, consumers are prompted to authenticate themselves using a one-time passcode, knowledge-based questions, biometrics, or another method.
EMV 3DS 2.3 introduces enhancements that increase flexibility in optimising EMV 3DS implementation across multiple channels and devices, such as gaming consoles or smart speakers. It also provides streamlined consumer authentication to minimise friction and optimise the payment experience. These enhancements include improved out-of-band transitions, an improved user interface, and support for WebAuthn (Web Authentication) and SPC (Secure Payment Confirmation).
Automated out-of-band (OOB) transitions
Typically, OOB authentication has been a manual process for consumers, involving multiple steps. For example, the consumer would leave the merchant app to log in separately to the banking app. Then in the banking app they would review and confirm the transaction is legitimate. Then they would close this app and return to merchant app to complete the checkout process.
Automated transitions help consumers to switch seamlessly between a merchant application and an authentication application. This provides a simpler, easier-to-use way for consumers to confirm a transaction when an OOB authentication is used.
User interface enhancements
EMV 3DS v2.3 also introduces enhancements to the user interface (UI) to provide issuers with additional options for streamlining how information is presented and communicated to consumers, to guide them through the authentication process easily and efficiently.
These enhancements include:
1. The option for two information entry boxes on the same screen
2. A clearer information template
3. An additional button to provide an alternative choice for authentication methods
4. The option to keep the Header zone anchored at the top of the display
Adding support for WebAuthn and SPC
EMVCo has also collaborated with the World Wide Web Consortium (W3C) and the FIDO Alliance to include support for WebAuthn (Web Authentication) and SPC (Secure Payment Confirmation) that issuers and merchants can use within 3DS flow. It provides an alternative and easier-to use way for cardholders to use FIDO-based strong authentication.
To see examples of these enhancements and more, watch our educational video EMV® 3DS 2.3: Fighting Fraud and Friction.
by Oliver Manahan
by Arman Aygen