EMV® 3-D Secure Specification

EMV® 3-D Secure (3DS) is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and helps protect the merchant from exposure to CNP fraud.

The three domains consist of the merchant / acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems). EMVCo has created, owns and manages the EMV® 3-D Secure – Protocol and Core Functions Specification v2.2.0 and related industry materials.

The EMV® 3-D Secure Specification:

  • Supports specific app-based purchases on mobile and other consumer devices.
  • Promotes an improved consumer experience by enabling intelligent risk-based decisioning that encourages frictionless consumer authentication.
  • Delivers enhanced security features.
  • Specifies use of multiple options for step-up authentication, including one-time passcodes, as well as biometrics via out-of-band authentication flows.
  • Enhances functionality that enables merchants to integrate the authentication process into their checkout experiences, for both app and browser-based implementations.
  • Offers performance improvements for end-to-end message processing.
  • Adds a non-payment message category to provide cardholder verification details to support various non-payment activities, such as adding a payment card to a digital wallet.
  • Enables merchant-initiated account verification.
  • Is available on a royalty-free basis to all industry participants and to the public.

EMVCo has also made available the full EMV® 3DS Test Platform, which enables the functional testing of EMV® 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV® 3DS v2.2.0 compliance testing will also be tested against EMV® 3DS v2.1.0 to receive an EMV® 3DS v2.2.0 Letter of Approval.

Resources

EMV® 3-D Secure demo

Visual demonstration of how EMV® 3DS-Compliant Solutions can be implemented on a mobile device or integrated into merchant’s app. It highlights 3 possible verification scenarios: frictionless flow, one-time-passcode, and out of band.

EMV® 3-D Secure webcast

In this webcast, recorded in October 2016, Craig Gilbert, Chair of EMVCo’s 3DS Working Group, provides an overview of EMV 3DS and shares the drivers for the new specification. Listeners will also receive insight into some use-case examples.

EMV® 3-D Secure Frequently Asked Questions

In this Frequently Asked Question document, readers can learn more about EMV® 3DS, the role that it plays in the payments ecosystem, and why EMVCo is involved in this area.

New frontiers in secure commerce: EMV® 3-D Secure webinar

This webinar from the Electronic Transactions Association (ETA), recorded in July 2019, discusses how EMV® 3-D Secure (3DS) is implemented in eCommerce environments and its relationship with the new Strong Customer Authentication (SCA) requirements under Payment Service Directive 2, and PCI 3DS security standards. It features Tabitha Odom, former-Chair of the EMVCo 3DS Working Group, and leading representatives from Google, CardinalCommerce and ControlScan.

An update on EMV® 3-D Secure webcast

In this webcast, recorded in July 2019, Tabitha Odom, former-Chair of the EMVCo 3-D Secure Working Group, provides an overview of EMV® 3-D Secure (3DS). Listeners will receive insight into the key updates within version 2.2.0, such as the exemptions to Strong Consumer Authentication (SCA) for the European Second Payment Services Directive (PSD2), and how it meets current industry requirements.

Trademark & Assets

EMV® Trademark Usage Guidelines

These guidelines define acceptable use for the EMV® Mark in printed and on-screen applications.