10833909023_3fd9854862_z

EMVCo Improves 3D Secure’s Next Generation to Target Mobile Payments

January 13, 2024         By: Steven Anderson

Mobile payments are a field in the midst of rapid expansion, and with rapid expansion comes a slate of new opportunities for those in the market.

But some of those opportunities are of a darker sort, and so the need for improved security also comes into play. EMVCo, the global technical body that manages security specifications for chip-based payment cards, is looking to augment those security specs anew with the development of 3D Secure (3DS) 2.0.

Mobile payment systems, particularly those linked to a credit card, are sometimes called “card-not-present” systems, because they are tied to a credit card that isn’t actually physically on hand at the time of purchase.

There are other systems not strictly mobile that use card-not-present transactions—Amazon purchases rank among these—but the card-not-present transaction is still a major part of the way online commerce operates. The earliest days of 3D Secure, which was developed by Visa, were mainly used for PC-based transactions, but since then, the use of card-not-present has exploded in range, and now is an everyday part of life.

The sheer depth of that expansion called for modifications to the security standard, and so, EMVCo is looking to augment that system in a bid to provide better security for such transactions. EMVCo expects the new version of 3DS to be ready in 2016, and when it is, Visa will start phasing out 3DS 1.0, as it’s known.

EMVCo, meanwhile, will operate 3DS 2.0 both parallel with and separate from 3DS 1.0, until 3DS 2.0 has had an opportunity to get properly broken in in the field.

Sean Conroy, chair of EMVCo’s board of managers, offered up some comment on the group’s plan, saying “3DS 2.0 complements EMVCo’s work to facilitate the worldwide interoperability and acceptance of secure payment transactions. Our goal as a global technical body is to define the specifications in conjunction with the payments community and to establish a reliable, international framework to enable digital commerce to achieve its full potential without compromising security.”

This is a great step for all concerned; while 3DS has certainly done a fine job of standing in the gap between online shoppers and those who would steal the identities of said shoppers, with every day that passes, it’s just slightly less secure.

That means opportunity for those thieves as time goes on, and so augmenting that security becomes important. EMVCo stepping in to make those augmentations is going to be a welcome development in the field, and with that, a greater likelihood that development will continue.

In order for mobile payments to get anywhere, the user-base has to believe that such technology is safe to use, and regular revisions of security will help.

In much the same way that we change our passwords regularly, so too must basic security infrastructure be brought up to date. The revamping of 3DS should go a long way toward re-establishing the feeling of security involved, and thus help ensure the status of mobile payments continues on untrammeled.