Changes in lifestyle, shopping habits and technology are driving greater electronic and mobile commerce sales. Today, e-commerce accounts for €1 in every €4.69 of spending on European Visa cards, equating to 21% of our processed transaction volumes. Processed e-commerce volumes are also growing more than twice as fast as our overall point-of-sale volumes, up 17% during 2015. So, it’s important that we, as an industry, look at how we drive further online growth without sacrificing security.
Visa is working with EMVCo to develop an updated and enhanced version of 3D Secure (3DS). This is the messaging protocol we created in 1999 to validate the identity of online shoppers and boost trust and confidence in e-commerce. EMVCo recently launched a draft of the new specification and is inviting comments on it.
Naturally, we’re a strong supporter of work in this area. 3DS version 1.0 has become the de facto standard for online authentication, and we’re pleased to have donated it to EMVCo for the benefit of the whole industry. The new version of the standard (3DS version 2.0) will include updates and enhancements that promote a smoother and more consistent user experience across multiple payment channels, including mobile web, in-app and digital wallet payments.
Updates and enhancements
When we created the first version of 3DS, personal computers were the only channel available for consumers and merchants to trade online. Consequently, 3DS version 1.0 was specifically designed for browser-based authentication. Fast-forward 16 years and there are around 4.7 billion unique mobile subscribers worldwide, according to 2015 figures from the GSMA. When the smartphone is the device of choice for accessing the internet — and is the only means a consumer has of getting online in some countries — this cannot but change the way consumers, businesses and governments interact and transact.
3DS version 2.0 will offer a more seamless checkout experience via intelligent risk-based decisioning. Risk-based authentication uses data to recognise legitimate customer behaviour, device, location and other established characteristics, so there’s less need to ask for a password. This is great for consumers shopping online generally, and on a mobile device in particular, as they will not always have to supply a password or other credentials. The specification will also be enriched to support non-payment user identification and verification, plus country-specific and regulatory requirements.
Merchants will be able to integrate the authentication process better into the shopping experience and still benefit from liability protection when they use 3DS. The specifications also provide a framework to support authentication for current and future consumer devices and channels.
Visa will maintain sole ownership and management of 3DS version 1.0, while EMVCo will own the 3DS version 2.0 specifications. As with other EMV specifications, 3DS 2.0 will be provided to industry stakeholders royalty-free. To contribute to the EMVCo specification review process, receive the latest information on specifications and access the draft 3DS 2.0 specification, join EMVCo as an Associate or Subscriber on the EMVCo website.