October 26, 2017
At a gathering in Barcelona yesterday, the PCI Security Standards Council (PCI SSC) announced a new standard supporting the implementation of EMVco’s EMV 3-D Secure protocol (3DS 2.0).
In January of 2015, EMVco—the standards-setting body responsible for developing the technical specifications around EMV-compliant payments—announced it would develop and manage the specifications for the new version of 3D Secure. Since then, 3DS 2.0 has gathered momentum (after the original version was shunned by merchants, especially in the U.S., because they felt it negatively affected conversion) as a risk-based authentication method for online transactions.
The new standard from PCI SSC outlines the requirements and assessment procedures for the components that make up the EMV 3D Secure protocol: 3DS Access Control Server (ACS), Directory Server (DS), and 3DS Server. The PCI 3DS Core Security Standard defines appropriate security controls to protect these specific 3DS environments
“Dynamic authentication is becoming increasingly important to securing payments in an omnichannel world,” said PCI SSC Chief Technology Officer Troy Leach. “A new and improved EMV® 3DS protocol supported by PCI Security Standards will enhance the security of 3DS infrastructures and transactions and improve dynamic authentication for e-commerce and m-commerce environments.”