Tag Archives: 3dsecure

Paay Alternative for EMV 3DS

Posted on by
Reply

Concerned about the Paay data breach and looking for an alternative EMV 3DS, specifically EMV 3-D Secure 2.2.0, solution for your card not present transactions? Ask Christine Speedy, a Qualified Integrator and Reseller certified by the Payment Card Industry Security Standards Council. Additionally, Christine has extensive experience in the card not present world offering merchants multiple solutions. The best card not present payment gateway is a critical decision and as an independent agent, I will guide you to both the best technology and credit card processing acquirer for your specific business needs.

QIRs are integrators and resellers specially trained by PCI Security Standards Council to address critical security controls while installing merchant payment systems. QIRs reduce merchant risk and mitigate the most common causes of payment data breaches by focusing on critical security controls. Level 4 merchants process 1 to 1 million transactions annually and are mandated to use only QIR certified people for POS systems or terminals, if not doing internally.

Why bring up QIR for card not present or bigger merchants? Wouldn’t you rather have one of the few QIR cloud security trained in payment processing on your team? Paay does not have anyone listed on the PCI Council web site, though like Christine Speedy, there may be certified salespeople under a different company name. That’s because the certification follows the individual, not the company. Additionally, there is no requirement to use QIR’s at this time for card not present so Paay doesn’t need to have anyone QIR trained. There’s no specific certification of any kind required for ecommerce developers and integrators. Kind of crazy given the risks, huh?

EMV 3DS is a global security protocol with three primary beneficial outcomes:

  1. Fraud liability shift to issuer for “it wasn’t me, I didn’t authorize.” Merchants do not need to respond to a chargeback, when 3DS is invoked on a transaction, it will automatically shift liability to the issuer.
  2. Merchants can potentially qualify for even lower interchange rates on some cards due to lower risk associated with cardholder authentication. For example, merchants can save .20% on average with MasterCard UCAF rate qualification vs Merit 1 on some credit cards.
  3. Increased approvals and profits. With cardholder authentication, merchants can expect increased approvals per the card networks advice. False declines are a significant problem for cart abandonment and resulting lost sales.

Think of it like having a chip card for card present transactions. EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.

Level 3 purchasing expert for B2B credit card processing needs. HIPAA, GDPR, PCI and PSD2 and all the other compliance and security you need for your business are available.

Christine Speedy, Founder 3D Merchant Services, is a credit card processing expert with specialized expertise in card not present and omnichannel technology. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions. Call Christine for payment gateway, cloud technology, merchant services and check processing needs.

EMVCo Updates EMV 3-D Secure Specification

Posted on by
Reply

Enhanced specification further promotes frictionless authentication for e-commerce transactions, providing additional benefits for both merchants and consumers

14 December 2018 – EMVCo today announces the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0. The updated specification includes enhancements to promote an optimised consumer experience while supporting new authentication channels when making e-commerce transactions.

EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.
EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
• Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
• Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline.
• Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.

“EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”

Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.

To stay informed of the latest EMVCo developments and receive advanced access to EMV Specifications and related documents, join the EMVCo Associates Programme or become a Subscriber.