EMVCo guidelines reflect global omnichannel trends

Global technical body EMVCo released EMV® Secure Remote Commerce (SRC) – Technical Framework version 1.0 Nov. 2, 2017, a set of guidelines designed to protect in-app, mobile and ecommerce transactions. In addition to reducing exposure to data compromise, SRC will simplify merchant support by creating a new framework for the remote commerce environment, with consistent roles and methodologies for participating parties that manage payment card data, according to EMVCo representatives.

Jack Pan, EMVCo Executive Committee Chair, said growing consumer adoption of mobile and virtual payments and the ever-present danger of cybersecurity threats have made a broader SRC both necessary and inevitable. “As payments technologies advance, the EMV Specifications evolve to address emerging challenges and meet new requirements," he said. "EMVCo has the strategic breadth, industry knowledge and technical ability, coupled with a proven record of specification delivery, to facilitate the development of secure and interoperable remote payment solutions.”

Simplicity, security, interoperability

A new report published Nov. 7, 2017 by Aite Group LLC found online payment fraud is surging due to criminals' shift from physical to online commerce following global EMV (Europay, Mastercard and Visa) implementation. Report author and Senior Analyst Ron van Wesel said increasing fraud makes strong (multifactor) customer authentication methods imperative for remote payments.

The new SRC framework attempts to protect payment card data wherever consumers choose to shop, while also maintaining a consistent customer experience. EMVCo summarized the key objectives as simplicity, security and interoperability. “While data storage solutions to protect card and account data are widely implemented, the actual method of delivering the payment card data to the merchant has vulnerabilities that can potentially be exploited,” said Cheryl Mish, EMVCo Board of Managers Chair. “As a result, multiple industry participants have worked to address these vulnerabilities by providing application-based solutions that deliver, among other things, a simplified consumer payment experience.”

As the EMV SRC Technical Framework continues to evolve, Mish invites payments industry stakeholders to share insights and commentary on “define security improvements, simplify merchant integration and enable a consistent consumer experience for remote payments.” Interested parties can become EMVCo subscribers to be notified of future developments and stay informed on the SRC initiative, she noted.

Defining, protecting remote commerce

EMVCo defines remote commerce as “the purchase of goods and services by consumers via applications and browsers on mobile phones, tablets, desktop computers and Internet-connected devices." The organization stated the EMV SRC initiative will address complexities and potential vulnerabilities within the remote payments ecosystem in several ways. It will:

• Extend EMVCo’s security footprint beyond the physical POS to include the remote payments ecosystem.
• Provide consistent, simplified integration processes and interfaces among remote payments stakeholders.
• Enhance remote commerce by making websites and applications more secure and using dynamic data to make online and mobile commerce checkout more secure.
• Expand integration options for EMV specifications such as EMV 3-D Secure and EMV payment tokenization.
• Make remote commerce more secure and expedient by reducing the number of keystrokes needed for cardholder data entry, using advanced technologies to facilitate individual and device authentication and potentially lower shopping cart abandonment.

Additional information and specifications are available at www.emvco.com/terms-of-use/?u=/wp-content/uploads/documents/Secure-Remote-Commerce-Framework-FINAL-v1.0.pdf .

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.