Friday, October 8, 2021
EMVCo's enhanced 3DS version 2.3, published Oct. 6, 2021, expands support across digital channels and offers card-issuer tools designed to quickly identify fraud, stated Robin Trickel, executive committee chair at EMVCo, a global technical body owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa.
"Fighting payment fraud and reducing checkout friction is key to businesses delivering a safe and convenient online shopping experience for their customers," Trickel said in a statement. "EMVCo continually collaborates with the payments community to look for opportunities to optimise efficiencies, improve usability and promote consistency, without compromising security."
Trickel additionally noted that the World Wide Web Consortium (W3C) and the FIDO Alliance collaborated with EMVCo on 3DS enhancements to help issuers determine transaction legitimacy and reduce risk of fraud. In addition to being able to remember consumer devices and reduce authentication challenges, 3DS v2.3 can help consumers toggle between merchant and authentication apps, he stated.
To further support its software update, Trickel noted, EMVCo published educational resources to help stakeholders effectively implement EMV 3DS while enabling a frictionless checkout experience in stores and online. These resources, specifications and device SDKs are available at www.emvco.com/emv_insights_post/quick-resource-emv-3ds-for-e-commerce/.
The FDIC, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency recently solicited feedback on guidance related to managing third-party relationship risk. Published July 13, 2021, the framework is designed to help financial institutions assess third-party vendors, expanding on previous guidance, the agencies stated.
"Competition, advances in technology, and innovation in the banking industry contribute to banking organizations' increasing use of third parties to perform business functions, deliver support services, facilitate providing new products and services, or facilitate providing existing products and services in new ways," the agencies wrote. "The use of third parties can offer banking organizations significant advantages, such as quicker and more efficient access to new technologies, human capital, delivery channels, products, services, and markets. To address these developments, many banking organizations, including smaller and less complex banking organizations, have adopted risk management practices commensurate with the level of risk and complexity of their third-party relationships."
Among their recommendations for creating an end-to-end, third-party risk management life cycle, the agencies proposed that financial institutions institute strategic planning; fully vet third-party service providers, negotiate written contracts, introduce board of director oversight, maintain documentation, conduct ongoing reviews and have plans in place for terminating relationships.
Daniel Liptrott, general manager, NCC Group Software Resilience, North America, praised the agencies for their efforts and suggested they could go further in some areas. "We fully agree that banking organizations' expanded use of third parties for core banking services, improved functionality of services, and platforms to provide services adds complexity, and requires sound risk management," he said. "We therefore hope that this guidance can add stability and reassurance for organizations within this sector."
To better address changing needs of banking organizations as they "develop, purchase, invest in, license and subscribe to" third-party software, Liptrott proposed further protecting business continuity, end-of-life programming languages and transitioning services. His recommendations are available at www.jdsupra.com/legalnews/ncc-group-welcomes-consultation-on-us-5194364/. 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
