- What is EMV 3-D Secure?
- Specifications
- Benefits
- FAQs
- Resources
What is EMV 3-D Secure (EMV 3DS)?
Fighting payment fraud and checkout friction is key to businesses delivering a safe and convenient digital shopping experience for their customers. Payment card issuers and merchants use EMV 3DS to seamlessly authenticate consumers and safeguard against card-not-present (CNP) fraud.
EMV 3DS enables the exchange of data, or messages, between the merchant and the issuer to authenticate the consumer and approve the transaction. The data includes information about the transaction, payment method and device. Using this data, issuers can identify and prevent fraudulent card transactions quickly and accurately, without adding unnecessary friction to the payment process that often leads to abandoned purchases.
The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate this technology into their solutions to support seamless and secure e-commerce payments.
EMVCo maintains the EMV 3DS Specifications and supporting approval processes, and collaborates with the PCI Security Standards Council on the security evaluation of EMV 3DS solutions.
News & Insights
Specifications & Associated Bulletins
View all EMV 3DS Specifications
Close Login Modal
Benefits
Fraud Prevention
EMV 3DS helps issuers, acquirers and merchants prevent fraud across e-commerce channels and devices, while optimising the user experience for consumers.
Enhanced Security
An additional layer of security helps issuers, acquirers and merchants better prevent CNP fraud and ensure that the payment process is seamless for their customers.
Streamlined Authentication
Rich data and flexible authentication methods help improve the decision-making process for issuers to determine the legitimacy of a transaction. This results in increased transaction approval rates and fewer false declines.
Optimised Payment Experience
Consumers can use their preferred devices to shop online and expect quicker, easier authentication, fewer purchases inaccurately declined, and confidence in the safety of the transaction.
Testimonials
The airline industry has always looked to prevent fraud and better protect its customers. The EMV 3DS protocol helps make internet card payments more secure, while achieving a better balance between security and customer convenience by letting the card issuer know more details about the intended purchase.
International Air Transport Association (IATA)
EMV 3DS Product Approval
EMVCo facilitates testing and approval of EMV 3DS products to validate compliance with EMV 3DS Specifications. This includes approval of EMV 3DS product vendors, service providers and test tools.
EMVCo Listings
- Approved/Evaluated Products
- Service Providers
- Registered IDs
Approval Processes
- 3DS Approval Process
FAQs
What is EMV 3DS?
EMV 3DS is an e-commerce fraud prevention protocol that enables consumer authentication for CNP purchases, without adding unnecessary friction to the checkout process.
How does EMV 3DS work?
EMV 3DS helps payment card issuers identify unauthorised e-commerce transactions quickly and accurately to prevent CNP fraud. It enables the exchange of data between the merchant and the payment card issuer to verify that the individual making a purchase with a payment card is the legitimate user of the card.
For e-commerce purchases where EMV 3DS solutions are used, the process works as follows:
- A consumer uses a payment card to make an online purchase on a mobile phone, tablet, laptop or other device.
- To confirm that the consumer making the purchase is the actual cardholder, the merchant uses EMV 3DS for authentication. The authentication process involves the merchant sending data or messages to the card issuer, which include details about the transaction, payment method and device information.
- The issuer uses this data to authenticate the consumer and approve the transaction. For many transactions, this means consumers simply click “Buy” and the payment is approved. For higher-risk transactions, issuers may choose to require further authentication as an added layer of security. In these cases, consumers must authenticate themselves using a challenge, such as a one-time passcode, knowledge-based questions, biometrics, or other methods.
What do the EMV 3DS Specifications provide?
The EMV 3DS Specifications provide a common set of requirements that product providers can use to integrate EMV 3DS technology into their solutions to support seamless and secure e-commerce payments.
The EMV 3DS Specifications:
- Support app-based purchases on mobile and other consumer devices
- Enable merchants to integrate authentication into their checkout process for both app- and browser-based implementations
- Specify use of multiple options for step-up authentication
- Specify a non-payment message category
- Enable merchant-initiated account verification
- Are flexible to accommodate global and local needs
- Are available royalty-free from the EMVCo website
Is EMV 3DS consistent with consumer privacy principles?
An EMV 3DS transaction utilises consumer data for the purpose of evaluating risk to prevent fraud. Merchants and issuers using this data for this purpose are responsible for complying with applicable privacy laws.
How does EMV 3DS support Strong Customer Authentication (SCA) requirements as described in the Second Payment Services Directive (PSD2) by the European Commission?
The Opinion of the European Banking Authority (EBA) published on 21 June 2019 recognised that protocols such as EMV 3DS provide a means for merchants and issuers to support the use of SCA.
Specifically, EMV 3DS supports SCA by enabling the use of two-factor authentication.
Its flexibility allows issuers to accommodate their authentication preferences. Moreover, issuers can consider risk and regulatory factors in deciding how the customer will be authenticated – for example, using a one-time passcode, knowledge-based questions or biometrics.
Does it matter which version of EMV 3DS is used to meet PSD2 SCA requirements?
The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to ensure customer convenience, limiting fraud through data sharing and transaction risk analysis, and enable the use of exemptions set out in the Regulatory Technical Standards (RTS).
While EMV 3DS 2.1 supports SCA, EMVCo recommends that v2.2 (or higher) should be considered to access the optimum functionality.
EMV 3DS Resources
EMV 3DS UI/UX Guidelines
EMVCo maintains interactive EMV 3DS UI/UX Design Guidelines to help card issuers, merchants and solution providers optimise the EMV 3DS payment authentication experience for e-commerce consumers.
View guidelines
EMV 3DS Secure Browser Best Practices
The Browser Best Practices are designed to help merchants and issuers better leverage the security features of EMV 3DS to ensure that all parties are protected during the transaction process, and consumers can expect a smooth and consistent checkout.
View best practices
Use of FIDO Data in 3DS Messages Whitepaper
Developed in collaboration with FIDO Alliance, this EMVCo Whitepaper provides guidance to merchants, card issuers, acquirers and processors on how FIDO Authentication Data can be used in EMV 3DS messages to reduce fraud and friction for consumers in the payment process.
View whitepaper
Get involvedInterested in collaborating with EMVCo? Ways to participate
More than a hundred organisations – including merchants, issuers, acquirers, payment networks, financial institutions, manufacturers, technology providers and testing laboratories – contribute their knowledge and expertise to the development of EMV Specifications.