EMV® 3DS version 2.3.1 introduces new data and features to streamline consumer authentication and enhance card-not-present (CNP) fraud prevention

29 September 2022 – Global technical body EMVCo has released an update to the EMV 3-D Secure (3DS) Specifications to help issuers and merchants combat growing card-not-present (CNP) fraud risks. EMV 3DS 2.3.1 builds on earlier versions of the specifications with new data elements and flows that streamline consumer authentication and enhance card-not-present (CNP) fraud prevention. To maximise efficiencies and continue to promote a seamless payment experience, EMV 3DS 2.3.1 is effective immediately and replaces EMV 3DS 2.3.0.

Key enhancements in EMV 3DS 2.3.1 include:

  • New data elements to support Secure Payment Confirmation (SPC), that issuers and merchants can use within the EMV 3DS flow to better determine the legitimacy of a transaction in order to reduce the risk of fraud.
  • New data elements to support out-of-band (OOB) authentication, which offers a simpler, easier-to-use way for consumers to confirm a transaction when an authentication method through a separate channel is required.
  • User interface (UI) enhancements to enrich the user experience and additional features to improve the functionality of server components.
  • New data elements and flows to enhance the options for the challenge process, an additional authentication step required for higher risk transactions.

EMVCo has also developed an EMV 3DS Bridging Message Extension that enables current 2.1 and 2.2 products to utilise selected features introduced in version 2.3.1.

“Rich data and flexible authentication methods can help issuers and merchants better determine the legitimacy of a transaction, reduce the risk of fraud and improve the payment experience for consumers. Working with EMVCo Associates and Subscribers, FIDO Alliance and the World Wide Web Consortium (W3C), we identified an opportunity to further enhance the EMV 3DS Specifications with version 2.3.1 to help issuers and merchants mitigate card-not-present (CNP) fraud and increase the security of online payments,” said Alisa Ellis, EMVCo Executive Committee Chair. “EMV 3DS 2.3.1 is just the latest example of how collaboration with the payments community is key to the ongoing evolution of EMV Specifications that support innovation and address marketplace needs.”

The EMV 3DS Specifications are available on the EMVCo website and include the EMV® 3-D Secure—Protocol and Core Functions Specification, the EMV® 3-D Secure—SDK Device Information, the EMV® 3-D Secure—SDK Specification, and the EMV® 3-D Secure—Split-SDK Specification.

About EMV 3DS

EMV 3DS is an e-commerce fraud prevention technology that enables consumer authentication, without adding unnecessary friction to the payment process that often leads to abandoned purchases. Merchants use EMV 3DS to confirm that the consumer making the purchase is the actual cardholder. This authentication process involves the merchant sending data to the issuer so they can approve the transaction, which includes information about the transaction, payment method and device being used. The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate this technology into their solutions.

– ENDS –

For further EMVCo media information please contact David Amos / Chloe Mercer – Tel: +44 113 3501922 or email: david@iseepr.co.uk / chloe@iseepr.co.uk

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.