Digital Transactions Authoritative, insightful and timely information for payments professionals
With the Europay-MasterCard-Visa (EMV) chip card movement well under way in the U.S. market, a key standards body is training its sights on a technology many believe could combat the fraud EMV is expected to drive to the Web.
By the end of this year, EMVCo plans to have a draft specification ready for a thoroughly revised version of 3D Secure, which is better known in the e-commerce community by the trade names given it by Visa Inc. and MasterCard Inc., Verified by Visa and SecureCode, respectively.
By the end of 2016, the standards body expects to have a final spec in place, according to Brian Byrne, director of operations at EMVCo. Beyond that, the group hopes to have a certification procedure for the security spec written by the end of next year as well, Byrne tells Digital Transactions News. “We will definitely be providing a certification service,” he said during a presentation Thursday at a smart card conference in Salt Lake City, Utah.
EMVCo took over 3D Secure early last month from Visa, MasterCard, and a number of other major networks after the technology had met with years of disappointing adoption.
3D Secure works by requiring consumers to enter what amounts to a password to authenticate themselves before checking out at a Web retailer’s site. The technology is seen by some as a means of counteracting the fraud expected to move online once EMV becomes widely effective at the point of sale in the U.S. market.
But online merchants have long complained the technology is difficult to integrate and takes customers away from their sites to enter their passwords in a separate session. Visa tried promoting the service in its early years by offering interchange incentives. And a few years ago, it hoped to boost merchant and consumer adoption by requiring authentication only when transactions were deemed high-risk by merchants, using a tool supplied by Visa. Still, adoption fell short of expectations.
Now EMVCo, which is best known for its development of the EMV specifications, plans to iron out 3D Secure’s wrinkles. “We acknowledge the first version had some issues as to its smoothness of transaction flow and its integration with merchants,” Byrne conceded. “Our goal [with the revised version] is to facilitate a smoother experience while maintaining security.”
One other weakness the standards body will attack, Byrne said, is that the technology works only in browsers. “It doesn’t work on mobile apps—not an ideal concept for promoting commerce,” he noted. A browser-based standard may have seemed sufficient when 3D Secure was introduced in 2001, before the mobile-payments revolution, but the launch of Apple Pay and other mobile wallets has unleashed a torrent of commerce apps.
Owned by American Express Co., Discover Financial Services, JCB, and UnionPay, besides MasterCard and Visa, EMVCo was established to maintain the EMV chip card standard but also has work in progress on specifications for contactless transactions and has developed specs for tokenization. “We’ve gone a long way beyond that [EMV] scope,” Byrne told the audience, which was attending the Smart Card Alliance’s eighth annual Payments Summit.
