EMVCo Updates EMV 3-D Secure Specification

Enhanced specification further promotes frictionless authentication for e-commerce transactions, providing additional benefits for both merchants and consumers

14 December 2018 – EMVCo today announces the publication of the EMV® 3-D Secure Protocol and Core Functions Specification v2.2.0. The updated specification includes enhancements to promote an optimised consumer experience while supporting new authentication channels when making e-commerce transactions.

EMV 3DS is a messaging protocol that promotes frictionless consumer authentication and enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorised CNP transactions and protect the merchant from exposure to CNP fraud.
EMV 3DS specification version 2.2.0 builds upon the current specification version 2.1.0 which is available today on the EMV 3DS Test Platform, enabling 3DS product providers to confirm that their solutions will perform in accordance with the specification. Support of v2.1.0 is required in order to implement v2.2.0. Key updates within version 2.2.0 include:
• Improved communication between merchants and issuers, enabling Europe’s Second Payment Services Directive (PSD2) exemptions for Strong Consumer Authentication to be applied. While the previous version of the EMV 3DS Specification enables PSD2 compliance, the latest updates provide additional features for merchants and issuers to maximise the benefit of the available exemptions.
• Two new features to enable authentication for various payment scenarios including mail order and telephone order transactions:
o 3DS Requestor Initiated (3RI) payments – enabling a merchant to initiate a transaction even if the cardholder is offline.
o Decoupled authentication – allowing cardholder authentication to occur even if the cardholder is offline.
• Expansion of existing data elements to promote communication of pre-checkout authentication events and associated data as part of the EMV 3DS transaction from systems such as those supporting the FIDO Alliance standards.
These enhancements are available if all 3DS components involved in the transaction have updated their software to support v2.2.0.

EMV 3DS exists to promote secure, consistent consumer authentication for e-commerce transactions across all channels and connected devices, while optimising the cardholder’s experience,” comments Stephanie Ericksen, Chair of the EMVCo Executive Committee. “Our work in this area continues to evolve to ensure we respond to new marketplace requirements. EMVCo continues to encourage the payments community to get involved and provide feedback on the EMV 3DS activity.”

Earlier this year EMVCo announced the availability of the full EMV 3DS Test Platform, which enables the functional testing of EMV 3DS solutions. Letters of Approval are currently being issued for those 3DS products that have successfully tested against version 2.1.0. A list of approved products can be found on the EMVCo website. Products submitted for EMV 3DS v2.2.0 compliance testing will also be tested against EMV 3DS v2.1.0 to receive an EMV 3DS v2.2.0 Letter of Approval. Testing support for version 2.2.0 is expected to be available mid-2019. Progress updates will be posted on the EMVCo website.

To stay informed of the latest EMVCo developments and receive advanced access to EMV Specifications and related documents, join the EMVCo Associates Programme or become a Subscriber.

Worlds Only 3rd Party Omnichannel Payment Gateway Meeting Big Ticket Needs

Businesses with some element of B2B and retail sales of high dollar value goods, have unique omnichannel needs. CenPOS is the only omnichannel payment gateway that meets them. The critical needs are level III processing, interchange management, tokenization, EMV, 3Dsecure, tokenization, online payments, processor neutral, PCI Compliant credit card authorization form, signature capture, pin debit, and payments segregated from applications for PCI Compliance. 

Level III processing

Level III processing is nearly impossible to find for retail, however merchant savings are huge, and when battling low margins, it’s critical.

Example of a wew low interchange rate a merchant transaction qualified for.

Example of a low interchange rate a merchant transaction qualified for vs 2.65% without CenPOS.

Interchange Management

Interchange qualification is extremely complex, and the only way to manage it is via an automated system, which must be in the cloud to be current. It’s impossible to train or rely on employees to make the right decisions to mitigate risk and fees. For example, when a merchant key enters a transaction with other solutions, the transaction is ‘non-qualified’ because mag stripe data isn’t sent. CenPOS dynamically identifies the transaction requirements, and prompts for actions to ensure the merchant qualifies for the lowest card not present rate, which is usually lower than the non-qualified retail swipe rate.

Tokenization

Variable recurring, fixed recurring, installment, and scheduled mixed payments are all available. Customers can manage their own tokens via the internet, which are instantly available to those with permission to the Virtual Terminal.

EMV and 3Dsecure certified

A lot of equipment is available that’s EMV chip card ready, but very few others can actually accept EMV today. As EMV picks up steam, online fraud is expected to increase and 3Dsecure will help merchant mitigate that risk. Can you name how many independent gateways are certified for both?

emv smart card

EMV chip smart card.

Online Payments

Per Visa Core Rules October 2014, merchants cannot request CVV2 on any paper form. To mitigate risk, merchants need CVV2 (for the first transaction if stored). Online payments via a hosted pay page or electronic bill presentment and payment (EBPP) are the most secure way to validate a card so that card data is never accessible by employees.

Processor Neutral

Companies want flexibility to choose their own financial processors, including merchant account processor. CenPOS is certified to processors globally.

PCI Compliant credit card authorization form

Credit card authorization forms have been a critical part of B2B process to ensure they won’t get burned with a chargeback at a later date. The problem is they’re a PCI nightmare and CVV2 can’t be on them. CenPOS automatically generates a PCI Compliant recurring billing authorization form that merchants can ask their customers to sign.

Multilane Signature Capture

Signature capture is mandatory for back office efficiencies for customer service, defending disputes to prevent chargebacks, and reducing audit costs.multi-lane signature capture terminal l5200

Pin Debit

  • Reduces dispute time from 120 days to 14 days
  • Reduces fees, even for regulated debit, by avoiding dues and assessments
  • Mitigates risk of merchant losing fraud disputes

Payments Segregated From Applications

CenPOS solutions can be used standalone or integrated. Many connectors, modules and integrations are available as well as easy to implement API’s.

CenPOS is uniquely the worlds only gateway to offer every solution above, critical for merchants to mitigate risk, reduce PCI compliance burden, and increase EBITDA. HVAC, building supply, electrical, industrial supply, truck, automotive, parts dealers, and appliance dealers are examples of high dollar ticket merchants that want the above solutions and more.