November 7, 2017
In an effort to standardize online payments for greater security and interoperability, EMVco has publicly released its first step toward technical specifications for companies operating in what it is calling the remote commerce environment. For companies that accept or support payments via applications and browsers on any Internet-connected device, version 1.0 of the EMV Secure Remote Commerce Technical Framework describes the roles of different stakeholders in e- and m-commerce, and the processes and data descriptions for those stakeholders. EMVco, the payment card network-owned consortium that developed and manages the EMV security standard for in-store card security, said it wants to adapt the technology to the remote environment and reduce complexity through simplified integration processes.
“Remote commerce is often initiated through the manual entry of cardholder data into a merchant’s, or other provider’s, Website or application by the consumer,” said Cheryl Mish, EMVCo board of managers chair. “While data storage solutions to protect card and account data are widely implemented, the actual method of delivering the payment card data to the merchant has vulnerabilities that can potentially be exploited. As a result, multiple industry participants have worked to address these vulnerabilities by providing application-based solutions that deliver, among other things, a simplified consumer payment experience. As each solution is unique, however, independent merchant integration is required to facilitate the exchange of payment related information, leading to increased complexity.”
Download and read the technical framework here. EMVco said it will follow this work with the publication of a more detailed specification that defines the protocol and core functions, though it did not indicate when the specification would be available.