emv® secure remote commerce presentation · 2018-11-02 · e-commerce digital web-based payments...

EMV® Secure Remote Commerce

Copyright ©2017 EMVCo 2Copyright ©2018 EMVCo – Confidential 2

What is Remote Commerce?

E-commerce

Digital CommerceWeb-based Payments

Remote Commerce

Online Payments


When Does Remote Commerce Happen?

• During the checkout process a merchant asks a consumer to provide or select a payment method for a purchase

• Checkout may also include:

– Verification of the cardholder and present bill of sale

– Delivery of information to enable the receipt of the purchased goods or services

Remote commerce

happens at the checkout process


Challenges within the Industry Landscape

Remote commerce continues to grow worldwide with the popularity of online purchasing. However, it has become increasingly targeted and susceptible to compromise.

• Variety of implementations result in fragmentation, complexity, and inconsistency

• Current environment has many different integration models which can be expensive and time intensive for merchants

• Primary Account Numbers (PAN) entry, transmission and subsequent storage of live PAN introduces significant risk


Concerns with Remote Commerce

Merchants Consumers

• User friction increases cart abandonment

• Online transactions carry increased risk• Supporting multiple, unique payment

solutions is expensive and time intensive

• Concerned that account will be compromised

• Don’t have the same level of convenience (e.g. multi data entry) across multiple merchants

Each stakeholder needs to balance different concerns associated with payment card acceptance during a remote commerce checkout experience


Secure Remote Commerce

EMV® Secure Remote Commerce

Secure Remote Commerce (SRC) establishes the foundation to deliver a consistent consumer checkout experience while increasing simplicity and security

• Creates a consistent, streamlined checkout environment for digital transactions

• Provides secure payment acceptance between a merchant site and the consumer device

• Supports a variety of consumer devices (phones, tablets, PCs, and IoT devices)


EMV® SRC Specification

• Provides interfaces to support secure exchanges of data between merchants and issuers to enable payment

• Defines UIs and APIs to enable predictable payment experiences

• Defines secure delivery methods of a payment payload to a merchant

• Define a payment payload with valid payment credentials

• Supports the protection of transactions with dynamic data

• Does not impact the existing processes for authorisation

Specification FeaturesEMVCo will develop

and maintain the EMV Secure Remote

Commerce Specifications to support remotetransactions in a

globally interoperable manner


SRC Key Benefits

SRC benefits merchants, consumers, and all industry stakeholders by streamlining integration and facilitating innovation across new devices, channels and technologies

• Provides a choice of online checkout methods

• Delivers a consistent and secure consumer purchase experience across multiple merchants

• Potentially lowers shopping cart abandonment

• Simplifies integrations• Supports the integration of new

technologies• Provides a choice of online checkout

methods

Merchants Consumers


Physical Payments

BAU AuthorisationRemote Commerce

Secure Remote Commerce

Issuing Bank

Merchant and Intermediaries

Acquiring Bank

SRC System

Payment Network

Payment Card

Payment Information

10100

Physical Terminal

Consumer Interaction

Payment Information

Digital Card Selection

Merchant

Merchant Website

Cardholder

Payment Card

Remote Commerce vs. Secure Remote Commerce


Secure Remote Commerce Scope

SRC Specification Focus Outside of SRC Specification Scope

✓ Preparation and assertion of the data to be passed along through existing transaction processing rails

✓ Consistency in payload to provide structure and ubiquity to help ease global integration

✓ Guidance / Clarity for how to connect with an SRC System

✓ Visual elements for incorporation to allow for customer recognition

• Changes to transaction processing

• Implementation mandates

• Restrictions on who can play which roles

• What the merchant experience looks like

• Compliance or policy requirements

As the development of the EMV® Secure Remote Commerce (SRC) Specification has progressed, it is critical to understand the intention/focus behind the specification and included annexes


Secure Remote Commerce Objectives

• Establish interoperable interfaces for all stakeholders to enable a consistent payment card specification for message content, transmission and security

• Deliver a consistent representation of the consumer account data to merchant

• Introduce Dynamic Data to protect the Payment Data through a scalable solution

• Providing transparency between the participants to facilitate Cardholder Authentication and Consumer Device identification

• Enable the integration of other EMV® specifications such as Payment Tokenisation and 3-D Secure authentication

• Minimise consumers entry of their Payment Data by enabling consistent identification of the Consumer and the Consumer Device to minimise friction and potentially reduce abandonment during the payment experience

• Supporting common Consumer Verification to enable access to established Payment Data


SRC Participants and Roles

Functions Description Typical Participant Examples

SRC ProgrammeResponsible for the policies and processes associated with the oversight of SRC participants within an SRC System

• Any Payment System• Global/ Regional/ Domestic• Proprietary (Merchant,

Issuer, other)

SRC

Ro

les

SRC SystemOrchestration of all technical activities between participants, manages the technical aspects of the SRC Programme

• Payment Networks supporting Payment Systems

Digital Shopping Application (DSA)

A payment enabled application that facilitates the SRC consumer experience• Merchants• Marketplace• Hosted Order Page Provider

DigitalCard Facilitator (DCF)

Provides consumers access to information for use during a commerce exchange

• Wallets• Browser• Issuer• Merchant

SRC Initiator (SRC I)Facilitates the collection and transmission of digital card and checkout information on behalf of a DSA to enable the initialisation of a payment

• Merchant Service Providers

SRC ParticipatingIssuer (SRC PI)

Enrols the cardholder, PAN and authorisation related data • Issuers

Copyright ©2017 EMVCo 13Copyright ©2018 EMVCo – Unauthorised reproduction is prohibited 13

Current Checkout Solutions EMV Secure Remote Commerce

Why EMV® Secure Remote Commerce?

Issuerdomain

Service Provider Wallet

Checkout

MerchantIssuer

domain Service

Provider

Wallets / Selection

Checkout

Device

Single Provider Solutions

Limited Single Single Source Excluded

Limited Single Tied to Provider

ParticipatingSingle Source

Merchant Issuer domain

Wallets

SecureCheckout

Device

All All Agnostic AllMultiple Providers

Payment Network

Multi-Provider Solutions

PSP

Any

Digital Shopping

Application

Digital Card Facilitator

SRC System

SRCInitiator

SRC Participating

Issuer

Cloud COF

Device Assuranceenables access

VS

SRC Roles

Merchant


Fragmented Potential-Risk Lack of ScaleOne-off

Solutions

Common Secure Scalable 360o Solution

Varied Experiences PAN Exposure Single Provider Merchant by Merchant

Common ExperienceDynamic Data;

AssuranceUbiquitous Consistent

Implementation

Current Gaps

EMV SRC Achieves

---

+ + +

Higher Cart Conversion &

More Engagement

Higher Authorisation Rates &

Low Fraud Losses

Lower Cost of Integration & Higher

Acceptance Rates Higher Adoption

• Scale is fundamental to the effectiveness of solutions• Innovation in payment technologies mostly affects merchant-facing functions in the value chain• Integration of each new data source is resource and time consuming• Convenience over security is not an acceptable tradeoff for consumers and all want access to all their existing cards

EMV® SRC Addresses Gaps of Many Single Provider Solutions


Individual SRC Programmes in conjunction with SRC Systems’ participation may offer a spectrum of solutions for consumers from anonymity to full convenience.

Guest Device Agnostic Device Specific Frictionless

Consumer Experience Spectrum

Frequency

Recognition

Assurance

One Time Repeat User Repeat User Repeat User

Enrol with Issuer but do not store my information

Enrol but do not remember/track me (no device recognition)

Enrol and remember me on this device

Enrol and remember me on this device

I can prove it is my card Check to make sure it is me, I can prove it’s me

Check to make sure it is me on this device

Do not ask me for information if you know it’s me

Consumers may want different experiences based on their confidence in the solution providers

EMV® SRC enables a Spectrum of Solutions


SRC Specification Enabling an Ecosystem

Onboarding and Registration

BAU Authorisation

Enrolment

SRC Systems

Issuing BankMerchant andIntermediaries

Acquiring Bank Payment Network

Wallets / Digital Card Facilitators

Secure Remote Commerce is a catalyst that enables innovators to create compelling products and integrate simple and secure payments with interoperable interfaces defined within EMVCo

EMV® Secure Remote Commerce Specification for Common Integration

Digital Wallets / Mobile Wallets

Value Added Services

Merchant Aggregators

Consumer / Device Identity Managers

Merchants / SRC Initiators

Cardholder

Issuing Bank

Merchants / Digital Shopping

Applications

Payment Network / SRC

System

Secure Remote Commerce is an evolution of remote commerce that enables secure and interoperable payment acceptance from browser or applications based on dynamically created payload, SRC checkout and common user experience based on specified messages


SRC in Context of Merchant Environment version 1.0

Merchant experience varies by channel (web, mobile application, other technology)

SRC Experience facilitated by SRC System

IdentityCard

SelectionAssurance & Verification

Payment Tokenisation

3-D SecureRequired

Optional

Shipping Payment & Billing

Order & Review

ConfirmationCheckout PageProduct Page

3DS Authorisation

FOR ILLUSTRATIVE PURPOSES ONLY

NOTE: The SRC Specification does not mandate use or limit implementations to a “Single Button”.


• Oct 2017

– Publish SRC Technical Framework

• Oct 2018

– SRC Specification v0.9 released to the public

• Why Publish v0.9?

– Present to a broader population from the payments community, technical/industry bodies, and merchants

– Increase visibility of the spec to encourage participation

– Allow for product roadmap and investment planning

– Encourage more companies to participate at an associate level

– Expedite the release of the SRC Spec to address market needs

SRC Specification Release Update

*The timeline and dates presented are provisional and subject to change.

EMVCo Associates Programme (EAP)


EAP Connects EMVCo to Industry Leaders

EMVCo Associates Programme provides:


Current EMVCo Business Associates

^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA

Business Associates (59)

ANZ AsiaPay* Australian Payments Network* Bancomat Bank of America

Bank of America Merchant Services

Barclaycard* Bankalararasi Kart Merkezi* Banque Populaire Caisse

d’EpargneBundesverband deutscher

Banken

Carrefour Banque* Cartao Elo* Cartes Bancaires* Citi* Conexxus

Creditcall Ltd.* Credit Mutuel Dutch Payments Association EFTPOS Australia* equensWorldline

EURO 6000, S.A.European Card Payment

AssociationEuropean Payments Council Expedia* First Data*

Financial Software & Systems (FSS)

Global Payments, Inc.* Google* Interac* JP Morgan Chase*

Merchant Advisory Group (MAG)

Merchant e-Solutions Microsoft* Moneris Solutions*National Credit Card Center

of R.O.C.*

National Payments Corporation of India*

NSPK* PAN-Nordic Card Association* PASA Poste Italiane*

RedsysSaudi Arabian Monetary

Authority*SHAZAM* SIA-SSB Soft Space*

Sony Interactive Entertainment LLC*

Square* SRC Research* STET Stripe*

Swedbank Target The Clearing House* TSYS* U.S. Bank*

Vantiv* Verve International* WIBMO* Worldpay*


Current EMVCo Technical Associates

^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA

Technical Associates (69)

Ant Financial Services Group AsiaPay* Australian Payments Network* Barclaycard* BKM, A.S.*

CA Technologies Carrefour Banque* Cartao Elo* Cartes Bancaires* Citi*

Consult Hyperion Creditcall Ltd.* CTC advanced GmbH EFTPOS Australia* Everi

Expedia* Feitian Technologies FIME First Data* FIS OTS

Fujian LANDI Commercial Equipment Co.

Global Payments, Inc.* Google* Ingenico Terminals Intel

Interac* JP Morgan Chase* Micro Focus Microsoft* Modirum

Moneris Solutions* mSIGNIA National Credit Card Center of R.O.C.*National Payments Corporation

of India*Netcetera

Nets DK NCR Financial Solutions Group NSPK* NTT DATA Corporation PAAY

Panasonic Mobile Communications

PAN-Nordic Card Association* PAX Computer Technology Poste Italiane* Rambus

RSASaudi Arabian Monetary

Authority*SHAZAM*

Sony Interactive Entertainment LLC*

Soft Space*

Square* SRC Research* Stripe* Thales Tencent

The Clearing House* ThreatMetrix Toshiba Global Commerce Solutions TRUXTUN Capital TSYS*

TTA TÜV SÜD UL U.S. Bank* Vantiv*

Verifone Verve International* WIBMO* Worldpay*


Thank You!For more information visit www.emvco.com or join us on LinkedIn

Audio commentary is available to accompany these slides. View the ‘EMV SRC Presentation with Audio’ onthe EMV SRC press kit page.

http://www.emvco.com/

https://www.emvco.com/media-centre/emv-secure-remote-commerce-kit/

emv® secure remote commerce presentation · 2018-11-02 · e-commerce digital web-based payments...

Documents