PCI Council to Provide Security Specs for 3DS 2.0

The next generation of 3-D Secure online user authentication, which has been in development for nearly two years, will include participation by the PCI Security Standards Council. 3DS 2.0 was announced by the card networks in Nov. 2014 as a way to progress beyond the technology’s first iteration, which suffered from low adoption rates, especially in the U.S. While 3DS was an effective way for issuers to authenticate users during card-not-present transactions, merchants worried that the extra steps added to online checkout negatively affected conversion rates. The new version will incorporate enhanced risk decisioning in an effort to minimize user friction, support for in-app and mobile Web transactions, authentication within digital wallets and other upgrades. A joint announcement between EMVco, which will establish specifications for the new version, and PCI-SSC detailed the latter’s involvement in developing security requirements, testing procedures, assessor training and reporting templates around the security environment associated with 3DS 2.0.

“3DS 2.0 is critically important to introduce improved authentication and we are excited to be working hand-in-hand with EMVCo to secure all payment channels,” said PCI Security Standards Council Chief Technology Officer Troy Leach. “The marketplace is changing every day, and with mobile payments projected to continue to rise, it is vitally important that the security concerns be addressed in the design of the authentication system to keep up with the evolving threats.”

EMVco expects the 3DS 2.0 specification to be ready before the end of this year and for the security documentation being prepared by PCI-SSC to be released during the first half of 2017.