By Mark Nelsen, Senior Vice President of Risk and Authentication Products
To encourage the continued growth of ecommerce, merchants and issuers around the globe need intelligent tools to distinguish between good and bad transactions, all while minimizing disruption to consumers at checkout. Without data-driven insights into the riskiness of a transaction, confidently approving ecommerce payments—now originating from a variety of platforms and form factors, each with their own unique security attributes—is becoming more difficult.
The good news is that change is coming. EMVCo* is expected to release a new and improved 3-D Secure specification soon. The new specification, referred to as 3-D Secure 2.0, includes updates and enhancements to address the need for a more seamless online payment experience for consumers, while accommodating new devices and ways to pay. By facilitating a greater exchange of data between merchants and issuers, 3-D Secure 2.0 will enable increased use of risk-based and dynamic authentication—today’s gold standard for online authentication.
In anticipation of EMVCo’s specification, Visa has begun internal development to enhance the Verified by Visa (VbV) program and the Visa Consumer Authentication Service (Visa’s issuer 3-D Secure support provider) for 3-D Secure 2.0. Visa expects that early industry adoption will begin in mid-2017 in markets around the world.
Verified by Visa for 3-D Secure 2.0 will bring benefits for everyone. Merchants will have the ability to better integrate the authentication process into the shopping experience, providing a more user-friendly authentication experience, which can translate to higher conversion rates and increased sales. Issuers will have access to more data, helping them to make more informed transaction decisions. For consumers, paying online will be as fast, simple and convenient as ever. And as always, Visa’s Zero Liability policy guarantees that cardholders won't be held responsible for unauthorized charges made with their account, online or offline.
To ensure that stakeholders in each market have a reasonable amount of time to implement the solution once certified products and services are available, certain rules—such as fraud chargeback protection on merchant-attempted 3-D Secure 2.0 transactions—will not take effect until the program activation date. In Europe, a region that is already relying heavily on risk-based authentication, Visa expects a program activation date of April 2018. The program activation dates for other markets will be announced separately.
As the industry moves collectively to adopt and implement the 3-D Secure 2.0 protocol, Visa will partner with stakeholders around the globe to deploy pilots in advance of the program activation date.
*EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues.Today there are EMV Specifications based on contact chip, contactless chip, common payment application (CPA), card personalisation, and tokenisation.
This work is overseen by EMVCo’s six member organisations—American Express, Discover, JCB, MasterCard, UnionPay, and Visa—and supported by dozens of banks, merchants, processors, vendors and other industry stakeholders who participate as EMVCo Associates