In the last few years, it has become clear that EMV® 3-D Secure (commonly known as 3-D Secure 2.0) is the future of online payment authentication. Those in the digital payments industry are justifiably excited about the opportunities it will open up for merchants and issuers in the near future.
EMV 3DS is a much improved version of traditional 3-D Secure that can enable new payment channels, like native applications. By leveraging enhanced data, this new protocol can provide an improved consumer experience during authentication. We have been carefully planning for this shift in the industry for many years.
As a result, our platforms can also offer merchants and issuers the opportunity to share transaction insights in the authorization flow. This will not only have a great impact on risk decisioning for authentication, but for risk decisioning during authorization as well.
Merchants, issuers, consumers and many others in the digital commerce world should be excited about these new developments. This seismic shift will open new doors for all these parties, but some of the details with this new protocol can get a bit complicated, specifically as it relates to onboarding, which is the beginning of the entire process. But don’t worry, we can help!
First, in order to participate in EMV 3-D Secure, issuers and processors must work with an EMV 3DS compliant Access Control Server (ACS), like Visa Consumer Authentication Service. This is a mandatory requirement. Fortunately for all issuers and processors, Visa Consumer Authentication Service is fully compliant with EMV 3DS and is able to support any issuers and processors who are ready to participate. We will also be there every step of the way to help guide you through this process, and to help define your new authentication strategy.
Below are some steps that issuers and processors can follow when they onboard to EMV 3-D Secure. If these seem complicated and confusing, don’t worry. We can help ensure that everything goes smoothly through the entire process.
- Ensure that you’re working with an EMV 3DS compliant ACS provider who can support EMV 3DS transactions. Visa Consumer Authentication Service is one such provider. While this may seem like a simple and rudimentary part of the process, it’s the most important step.
- NOTE: Existing Visa Consumer Authentication Service customers can skip this step and start with Step 2.
- Configure your business for EMV 3DS by defining your rollout strategy. Part of this step includes identifying the BIN ranges you want to enable for EMV 3DS and setting up risk rules to leverage all the additional data elements that are available. In the Visa Consumer Authentication Service portal, issuers can write risk rules around almost three dozen rule parameters. These rules can be as simple or complex as needed, to meet any issuer’s needs.
Additionally, Visa and Mastercard issuers will have to support Enhanced Authentication Value (AV) requirements for cryptogram generation. All issuers must validate whether they can support the newly available CAVV (Visa) and/or SPA 2 AAV in the authorization based on the network specs.
All existing Visa Consumer Authentication Service issuers will have the opportunity to enhance their current integrations, which will allow them to leverage new features that are available for support with EMV 3DS.
- Register with the Networks. For each card network program, any issuer or processor will be required to complete a few steps to onboard to their EMV 3DS Directory Servers and Networks. One of these steps is registering selected EMV 3DS BINs on the Network’s Directory Servers and Networks.
- Test and Launch. After you’ve completed all of these steps, the Visa Consumer Authentication Service team will work with you to schedule the program launch.
That’s all that is necessary to onboard to Visa Consumer Authentication Service! It might seem like a lot but we’re here to help in any way we can!
Are you ready for the transition to EMV 3DS?
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.