EMV® Secure Remote Commerce What is Remote Commerce? Remote Commerce E-commerce Online Payments Digital Web-based Payments Commerce Copyright ©2017©2018 EMVCo – Confidential 2 When Does Remote Commerce Happen? • During the checkout process a merchant asks a consumer to provide or select a payment method for a purchase • Checkout may also include: Remote commerce – Verification of the cardholder and present happens at the bill of sale checkout process – Delivery of information to enable the receipt of the purchased goods or services Copyright ©2017©2018 EMVCo – Confidential 3 Challenges within the Industry Landscape Remote commerce continues to grow worldwide with the popularity of online purchasing. However, it has become increasingly targeted and susceptible to compromise. • Current environment • Variety of • Primary Account has many different implementations Numbers (PAN) entry, integration models result in transmission and which can be fragmentation, subsequent storage of expensive and time complexity, and live PAN introduces intensive for inconsistency significant risk merchants Copyright ©2017©2018 EMVCo – Confidential 4 Concerns with Remote Commerce Each stakeholder needs to balance different concerns associated with payment card acceptance during a remote commerce checkout experience Merchants Consumers • User friction increases cart • Concerned that account will be abandonment compromised • Online transactions carry increased risk • Don’t have the same level of • Supporting multiple, unique payment convenience (e.g. multi data entry) solutions is expensive and time intensive across multiple merchants Copyright ©2017©2018 EMVCo – Confidential 5 Secure Remote Commerce Secure Remote Commerce (SRC) establishes the foundation to deliver a consistent consumer checkout experience while increasing simplicity and security EMV® Secure Remote • Creates a consistent, streamlined checkout Commerce environment for digital transactions • Provides secure payment acceptance between a merchant site and the consumer device • Supports a variety of consumer devices (phones, tablets, PCs, and IoT devices) Copyright ©2017©2018 EMVCo – Confidential 6 EMV® SRC Specification Specification Features EMVCo will develop and maintain the EMV Secure Remote • Provides interfaces to support secure exchanges of data between Commerce merchants and issuers to enable payment Specifications to support remote • Defines UIs and APIs to enable predictable payment experiences transactions in a globally interoperable • Defines secure delivery methods of a payment payload to a manner merchant • Define a payment payload with valid payment credentials • Supports the protection of transactions with dynamic data • Does not impact the existing processes for authorisation Copyright ©2017©2018 EMVCo – Confidential 7 SRC Key Benefits SRC benefits merchants, consumers, and all industry stakeholders by streamlining integration and facilitating innovation across new devices, channels and technologies Merchants Consumers • Potentially lowers shopping cart • Provides a choice of online checkout abandonment methods • Simplifies integrations • Delivers a consistent and secure • Supports the integration of new consumer purchase experience across technologies multiple merchants • Provides a choice of online checkout methods Copyright ©2017©2018 EMVCo – Confidential 8 Remote Commerce vs. Secure Remote Commerce Physical Payments Consumer Payment Interaction Information Physical Terminal Payment Card BAU Authorisation Remote Commerce Merchant Website Payment Card Merchant and Acquiring Payment Issuing Intermediaries Bank Network Bank Cardholder 10100 Merchant Payment Digital Card SRC System Information Secure Remote Commerce Selection Copyright ©2017©2018 EMVCo – Confidential 9 Secure Remote Commerce Scope As the development of the EMV® Secure Remote Commerce (SRC) Specification has progressed, it is critical to understand the intention/focus behind the specification and included annexes SRC Specification Focus Outside of SRC Specification Scope ✓ Preparation and assertion of the data to be • Changes to transaction processing passed along through existing transaction processing rails • Implementation mandates ✓ Consistency in payload to provide structure • Restrictions on who can play which roles and ubiquity to help ease global integration • What the merchant experience looks like ✓ Guidance / Clarity for how to connect with an SRC System • Compliance or policy requirements ✓ Visual elements for incorporation to allow for customer recognition Copyright ©2017©2018 EMVCo – Confidential 10 Secure Remote Commerce Objectives • Establish interoperable interfaces for all stakeholders to enable a consistent payment card specification for message content, transmission and security • Deliver a consistent representation of the consumer account data to merchant • Introduce Dynamic Data to protect the Payment Data through a scalable solution • Providing transparency between the participants to facilitate Cardholder Authentication and Consumer Device identification • Enable the integration of other EMV® specifications such as Payment Tokenisation and 3-D Secure authentication • Minimise consumers entry of their Payment Data by enabling consistent identification of the Consumer and the Consumer Device to minimise friction and potentially reduce abandonment during the payment experience • Supporting common Consumer Verification to enable access to established Payment Data Copyright ©2017©2018 EMVCo – Confidential 11 SRC Participants and Roles Functions Description Typical Participant Examples • Any Payment System Responsible for the policies and processes associated with the oversight of SRC • Global/ Regional/ Domestic SRC Programme participants within an SRC System • Proprietary (Merchant, Issuer, other) Orchestration of all technical activities between participants, manages the • Payment Networks supporting SRC System technical aspects of the SRC Programme Payment Systems • Merchants Digital Shopping A payment enabled application that facilitates the SRC consumer experience • Marketplace Application (DSA) • Hosted Order Page Provider • Wallets Digital • Browser Card Facilitator Provides consumers access to information for use during a commerce exchange • Issuer SRC Roles SRC (DCF) • Merchant Facilitates the collection and transmission of digital card and checkout SRC Initiator (SRC I) • Merchant Service Providers information on behalf of a DSA to enable the initialisation of a payment SRC Participating Enrols the cardholder, PAN and authorisation related data • Issuers Issuer (SRC PI) Copyright ©2017©2018 EMVCo – Confidential 12 Why EMV® Secure Remote Commerce? Current Checkout Solutions EMV Secure Remote Commerce Single Provider Solutions Multi-Provider Solutions Service Issuer Merchant PSP Payment Device Issuer Merchant Provider Wallet domain Wallets Network domain Checkout Secure Checkout Cloud COF Single Source Excluded Limited Single Multiple VS All All Any Agnostic All Providers Service Wallets / Issuer Merchant Provider Device Selection domain Checkout SRC Roles Device Digital Assurance SRC Limited Single Tied to Single Participating Shopping SRC SRC enables Digital Card Participating Provider Source Application Initiator System access Facilitator Issuer Copyright ©2017©2018 EMVCo – Unauthorised reproduction is prohibited 13 EMV® SRC Addresses Gaps of Many Single Provider Solutions One-off Fragmented - Potential-Risk - Lack of Scale - Current Gaps Solutions Varied Experiences PAN Exposure Single Provider Merchant by Merchant Common + Secure + Scalable + 360o Solution Dynamic Data; Consistent EMV SRC Common Experience Ubiquitous Assurance Implementation Achieves Higher Cart Conversion Higher Authorisation Lower Cost of & Rates & Integration & Higher Higher Adoption More Engagement Low Fraud Losses Acceptance Rates • Scale is fundamental to the effectiveness of solutions • Innovation in payment technologies mostly affects merchant-facing functions in the value chain • Integration of each new data source is resource and time consuming • Convenience over security is not an acceptable tradeoff for consumers and all want access to all their existing cards Copyright ©2017©2018 EMVCo – Unauthorised reproduction is prohibited 14 EMV® SRC enables a Spectrum of Solutions Individual SRC Programmes in conjunction with SRC Systems’ participation may offer a spectrum of solutions for consumers from anonymity to full convenience. Consumer Experience Spectrum Consumers may want different experiences Guest Device Agnostic Device Specific Frictionless based on their confidence in the solution providers Frequency One Time Repeat User Repeat User Repeat User Enrol with Issuer but Enrol but do not Enrol and remember me Enrol and remember me Recognition do not store my remember/track me (no on this device on this device information device recognition) I can prove it is my card Check to make sure it is Check to make sure it is Do not ask me for Assurance me, I can prove it’s me me on this device information if you know it’s me Copyright ©2017©2018 EMVCo – Unauthorised reproduction is prohibited 15 SRC Specification Enabling an Ecosystem Secure Remote Commerce is a catalyst that enables innovators to create compelling products and integrate simple and secure payments with interoperable interfaces defined within EMVCo Onboarding and Registration Secure Remote Commerce is an evolution Enrolment of remote commerce that enables secure and interoperable payment acceptance from browser or applications based on
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages23 Page
-
File Size-