EMVCo released EMV 3DS 2.3.1, the latest version of the 3-D Secure protocol, in August 2022. It provides additional capabilities to prevent misuse of new data elements and supports more channels and devices. Overall, it is intended to further improve the user experience for cardholders.
Alisa Ellis, Chair of the Executive Committee at EMVCo, believes that "Enriched data and flexible authentication methods will help issuers and merchants better assess the legitimacy of transactions, further reduce the risk of misuse, and improve the user experience for card payments."
The European Central Bank's Card Fraud Report shows that in 2021 around 80 percent of all fraudulent card transactions occurred in e-commerce. This alone is reason enough for all parties involved, card issuers and acquirers, to update their systems to effectively counter fraudsters’ activities. At the same time, this is an opportunity to strengthen the trust of cardholders and merchants.
Issuer: Further improving the user experience with the latest 3DS version
Over the past two years, consumers have become accustomed to using their cards almost anytime, anywhere. This is true not only for payments at retail checkouts but also for online purchases.
With the latest version of 3-D Secure, issuers can offer their cardholders even more usage options, further simplify card use and reduce the risk of misuse.
For example, integrating new devices such as smart speakers ("Alexa") or smart TVs ensures a better user experience. To keep online shopping on these devices highly secure, the SDK that establishes the connection between such devices and the 3DS server and the Access Control Server (ACS) will be split into an SDK client and an SDK server (split SDK).
Since smartphones and tablets are mainly used for online shopping, EMVCo places emphasis on continuously making the app channel more user-friendly. For example, switching between merchant and bank authentication apps should be as automatic as possible. EMV 3DS 2.3.1 also offers further improvements in this area.
Easier authentication thanks to trusted listing and device binding
Cardholders already have the option to add a merchant to the list of trusted online stores via opt-in (Trusted Listing) to avoid future authentication. In a similar user journey, the cardholder now also has the option to nominate their device as trusted and allow the issuer to store their device data (device binding). These two functions work independently of each other. Device binding provides the issuer with additional data for its risk-based authentication (RBA), thus reducing authentication requests.