Guidelines from EMVCo can help improve e-commerce payment authentication for air travel, with hotel and car rental purchases to follow

 

Frequently Asked Questions (FAQ)

 

1. What is the CEMV 3D-Secure (EMV 3DS) Travel Industry Message Extension?

The document describes how travel industry merchants can provide additional travel-related data to issuers for use in risk-decisioning. The document focuses exclusively on e-commerce payment transactions within the travel industry.

 

2. Why is this extension needed and will this additional data create more friction in the purchase process?

Travel industry and airline payments are vulnerable to fraud due to the remote sales environment and high-value transactions. According to data from the International Air Travel Association (IATA) [1], airline card sales are exposed to fraud which is estimated at close to USD1 billion per year.

If travel industry merchants share the supplemental data outlined in the document, issuers can better verify the authenticity of e-commerce transactions using existing systems and without impacting the payment process for the customer.

Issuers can use the additional data as part of a risk-based approach, which promotes frictionless authentications. To view a full list of the data fields, download the EMV 3DS Travel Industry Message Extension.

 

3. Is the EMV 3DS Travel Industry Message Extension consistent with consumer privacy principles?

 An EMV 3DS transaction utilises consumer data, transferred securely from merchants to issuers, for the purposes of evaluating risk to help prevent fraud. Travel merchants and issuers using this data for this purpose are responsible for complying with applicable privacy laws.

 

4. How will the extension be adopted by the travel industry?

 The EMV 3DS Travel Industry Message Extension has been designed to exclusively meet the needs of the travel industry to help reduce transaction fraud. Accordingly, EMVCo expects the document to be used by parties to develop and implement EMV 3DS-compliant products and services that support the travel industry in its efforts to improve e-commerce payment authentication.

To learn more about the role EMVCo plays within the payments ecosystem, read its Operating Principles.

 

5. Who has been involved in defining these requirements?

 EMVCo has an established Associates Programme that is open to all industry stakeholders. It engages with its Associates to collect industry input to develop and refine its specifications. This serves to solidify EMVCo’s understanding of industry requirements to support global interoperability, security and cardholder authentication.

On this specific document, the EMV 3DS Working Group engaged with EMVCo Associates operating within the travel sector. Current EMVCo Associates Amadeus and IATA provided valuable and extensive input to ensure the data required in the message extension aligned with current systems and best practice. This aims to minimise additional friction during the purchase experience. Input was also received from Expedia, which was previously a participant in the programme.

EMVCo welcomes new participants who are interested in contributing to the EMV 3DS Protocol and Core Specification effort to join its Associates Programme or to become a Subscriber to access advance EMV 3DS information.

 

6. Will EMVCo provide any further updates to the travel sector?

 Yes. EMVCo is now advancing the document to expand the Travel Industry Message Extension to include data that support hotel and car rental e-commerce payment transactions.

 

7. Is the document available to all parties without charge?

 Yes. The EMV® 3DS Travel Industry Message Extension is available on a royalty-free basis for anyone to download from the EMVCo website.

 

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

[1] https://www.iata.org/en/programs/airline-distribution/industry-fraud-prevention-initiative/