Technical body EMVCo and PCI Security Standards Council have announced that they are collaborating to support the upcoming launch of 3-D Secure 2.0 (3DS 2.0). The announcement was made at the PCI Security Standards Council Community Meeting of global cyber security experts in Las Vegas, U.S, last week (20-22 September).
3DS is a messaging protocol used by the payments industry to enable consumers to authenticate themselves with their card issuers when making online purchases through PC web browsers. Later this year, EMVCo will release EMV® 3-D Secure – Protocol and Core Functions Specification v2.0 (EMV 3DS 2.0 Specification). This specification will support the payments industry in delivering a globally interoperable and consistent consumer experience across major e-commerce channels and connected devices, including in-app purchases.
Based on this functional specification, the PCI Security Standards Council is working to provide security requirements, testing procedures, assessor training and reporting templates to address the environmental security associated with 3DS 2.0. The related documentation will be released in the first half of 2017.
“3DS 2.0 is critically important to introduce improved authentication and we are excited to be working hand-in-hand with EMVCo to secure all payment channels,” said PCI Security Standards Council Chief Technology Officer, Troy Leach. “The marketplace is changing every day, and with mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats.”
Jonathan Main, current Chair of the EMVCo Board of Managers, commented: “The EMV 3DS 2.0 Specification provides a functionality ‘tool box’ to parties who wish to develop and implement 3DS 2.0 compliant products and services. This enables all solutions to be globally interoperable and promotes a unified international payments framework. Following the release of the EMV 3DS 2.0 Specification later this year, solutions will be created and their introduction into the marketplace needs to be workable and defined. We recognise that this requires a number of industry stakeholders to work together to establish a secure framework and we are delighted to be collaborating with PCI Security Standards Council to facilitate this process.”
The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security.
EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. EMVCo is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications.
Visa invented and maintains sole ownership and management of the 3DS 1.0 Specifications. EMVCo announced in January 2015 that it would develop, manage and own the EMV 3DS 2.0 Specifications.
Source: EMVCo
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: