EMVCo and PCI SSC Combine Expertise on 3-D Secure 2.0

Collaboration to ensure the wider payments environment for 3DS 2.0 is secure

WAKEFIELD, Mass.--()--Technical body EMVCo and PCI Security Standards Council have announced that they are collaborating to support the upcoming launch of 3-D Secure 2.0 (3DS 2.0). The announcement was made at the PCI Security Standards Council Community Meeting of global cybersecurity experts in Las Vegas, U.S., last week.

3DS is a messaging protocol used by the payments industry to enable consumers to authenticate themselves with their card issuers when making online purchases through PC web browsers. Later this year, EMVCo will release EMV® 3-D Secure – Protocol and Core Functions Specification v2.0 (EMV 3DS 2.0 Specification). This specification will support the payments industry in delivering a globally interoperable and consistent consumer experience across major e-commerce channels and connected devices, including in-app purchases.

Based on this functional specification, the PCI Security Standards Council is working to provide security requirements, testing procedures, assessor training and reporting templates to address the environmental security associated with 3DS 2.0. The related documentation will be released in the first half of 2017.

“3DS 2.0 is critically important to introduce improved authentication and we are excited to be working hand-in-hand with EMVCo to secure all payment channels,” said PCI Security Standards Council Chief Technology Officer, Troy Leach. “The marketplace is changing every day, and with mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats.”

Jonathan Main, current Chair of the EMVCo Board of Managers, commented: “The EMV 3DS 2.0 Specification provides a functionality ‘tool box’ to parties who wish to develop and implement 3DS 2.0 compliant products and services. This enables all solutions to be globally interoperable and promotes a unified international payments framework. Following the release of the EMV 3DS 2.0 Specification later this year, solutions will be created and their introduction into the marketplace needs to be workable and defined. We recognize that this requires a number of industry stakeholders to work together to establish a secure framework and we are delighted to be collaborating with PCI Security Standards Council to facilitate this process.”

About the PCI Security Standards Council

The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Connect with the PCI Council on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

About EMVCo

Notes to Editors:

® EMV is a registered trademark or trademark of EMVCo LLC in the United States and other countries.

Visa invented and maintains sole ownership and management of the 3DS 1.0 Specifications. EMVCo announced in January 2015 that it would develop, manage and own the EMV 3DS 2.0 Specifications. Read the press release to find out more.

The EMV 3DS 2.0 Specification:

  • Supports specific application-based purchases on mobile and other connected devices.
  • Improves the consumer experience by enabling intelligent risk-based decisioning that encourages frictionless consumer authentication.
  • Delivers industry leading security enhancements.
  • Provides better use of one-time passwords and knowledge-based authentication.
  • Supports issuers in offering their own authentication solutions through an out-of-band approach.
  • Enhances functionality that enables merchants to integrate the authentication process seamlessly into their checkout experiences, for both application- and browser-based implementations.
  • Offers performance improvements for end-to-end message processing.

To find out more watch the EMVCo webcast for a detailed insight into EMVCo’s work and example use cases and read the FAQs for an overview of EMVCo’s scope and work plan.

EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are designed to be flexible and can be adapted regionally to meet national payment requirements and accommodate local regulations.

EMVCo is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications. To provide all payment stakeholders with a platform to engage in its strategic and technical direction, the EMVCo Associates Programme receives significant input from its Business and Technical Associates, which consist of industry participants including issuers, acquirers, payment networks, merchants, manufacturers, technology providers and testing laboratories from numerous countries. Any interested party is able to join EMVCo’s Subscriber Service, which provides access to advance information regarding new developments and draft documents, and the opportunity to provide feedback and input on the work of EMVCo.

Visit www.emvco.com for further information and join EMVCo on LinkedIn.

Contacts

For further PCI Security Standards Council media information:
press@pcisecuritystandards.org
Twitter: @PCISSC
or
For further EMVCo media information:
Sarah Jones / David Amos, +44 1943 468007
sarah@iseepr.co.uk / david@iseepr.co.uk

Release Summary

EMVCo and the PCI Council announced their collaboration to support the upcoming launch of 3DS 2.0 to ensure a consistent and secure experience across many different payment channels.

Contacts

For further PCI Security Standards Council media information:
press@pcisecuritystandards.org
Twitter: @PCISSC
or
For further EMVCo media information:
Sarah Jones / David Amos, +44 1943 468007
sarah@iseepr.co.uk / david@iseepr.co.uk