EMV 3-D Secure Version 2.3.1 : New opportunities for issuers and acquirers

For cardholders and merchants, processing card payments in e-commerce should be as easy and convenient as they are used to from traditional checkouts - this is a challenge that card issuers and acquirers are equally confronted with. At the same time, they must maintain a high level of security and meet the regulatory requirements of the European Payment Services Directive. The latest version of the 3-D Secure protocol provides further enhanced tools for this purpose, opening new opportunities for issuers and acquirers.

EMVCo released EMV 3DS 2.3.1, the latest version of the 3-D Secure protocol, in August 2022. It provides additional capabilities to prevent misuse of new data elements and supports more channels and devices. Overall, it is intended to further improve the user experience for cardholders.

Alisa Ellis, Chair of the Executive Committee at EMVCo, believes that "Enriched data and flexible authentication methods will help issuers and merchants better assess the legitimacy of transactions, further reduce the risk of misuse, and improve the user experience for card payments.”

The European Central Bank's Card Fraud Report shows that in 2021 around 80 percent of all fraudulent card transactions occur in e-commerce. This alone is reason enough for all parties involved - card issuers and acquirers - to update their systems to effectively counter fraudsters’ activities. At the same time, this is an opportunity to strengthen the trust of cardholders and merchants.


Issuer: Further improving the user experience with the latest 3DS version

Over the past two years, consumers have become accustomed to using their cards almost anytime, anywhere. This is true not only for payments at retail checkouts but also for online purchases.

With the latest version of 3-D Secure, issuers can offer their cardholders even more usage options, further simplify card use and reduce the risk of misuse.

For example,  integrating new devices such as smart speakers ("Alexa") or smart TVs ensures a better user experience.  To continue in ensuring a high level of security for online shopping here, the SDK that establishes the connection between such devices and the 3DS server and the Access Control Server (ACS) will be split into an SDK client and an SDK server (split SDK).

Since smartphones or tablets are mainly used for online shopping, EMVCo emphasises continuously making the app channel more user-friendly. For example, switching between merchant and bank authentication apps should be as automatic as possible. EMV 3DS 2.3.1 also offers further improvements in this area.

Easier authentication thanks to trusted listing and device binding

Cardholders already have the option to add a merchant to the list of trusted online stores via opt-in (Trusted Listing) to avoid future authentication. Similar to the user journey, the cardholder now also has the option to nominate their device as trusted and allow the issuer to store their device data (device binding). These two functions work independently of each other. Device binding provides the issuer additional data for its risk-based authentication (RBA), thus reducing authentication requests.

Tanja Steinhoff, Senior Product Manager for Netcetera's 3-D Secure Issuer Service, says:

"We have already certified our Access Control Server (ACS) for EMV 3DS 2.3.1 in December 2022 - the world’s first ACS certified for the latest protocol! So nothing stands in the way of using the latest technology to improve the user experience and combat abuse.”

Acquirer: Smooth check-out support

For online retailers, the focus is on conversion: as many visitors to their stores as possible should complete their purchase successfully. Merchants are professionals when it comes to designing and presenting their product range; when it comes to processing payments, on the other hand, acquirers need to provide support. The aim is to keep the costs of online payment procedures low while maximizing the purchase completion rate.

According to a study by the research institute ibi research (University of Regensburg), the supposedly attractive purchase on account option comes off worst when considering the total costs of online payment methods. The supposedly good online conversion often leads to considerable additional expense for the merchant when consumers fail to pay the invoice. On the other hand, the costs of card payments are manageable, and the increasing consumer demand for card use in e-commerce has also caught on with most retailers: According to the EHI Retail Institute, around 94 percent of online stores now offer their customers payment by credit card.

For acquirers, the challenge of making check-out with a card payment as smooth and secure as possible in cooperation with the merchant is increasing. In doing so, it is essential to make the most of the possibilities offered by the current version of 3-D Secure - from the automatic switch between the merchant  and banking apps to device binding.

One of the most significant possibilities with EMVCo 2.3.1 is Secure Payment Confirmation, which simplifies the web payment journey to its maximum while making the authentication parts invisible to the customer. This definitely adds to the smoothness of the whole payment process. Applying strong customer authentication on customer devices, such asthe fingerprint reader on a notebook, the merchant can offer a super convenient and streamlined checkout experience with the highest security during web shopping.

Ivan Vukelikj, Senior Product Manager of Secure Digital Payments at Netcetera says:

 “Merchants now have many opportunities with the EMV 3DS 2.3.1. The latest payment protocol opens new opportunities and enables them to strengthen their authentication strategy and improve communication with issuers.

This becomes even more achievable with the right technology partner, such as Netcetera. This partnership means we are advancing step by step together to enable a seamless customer experience with the highest data security.”  

As EMVCo Associate, Netcetera is always at the forefront of this development. We would be happy to show you how you can benefit from the latest EMVCo Protocol 3DS 2.3.1.


EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

Want to know more? Get in touch with us!

More stories

On this topic