November 2, 2017
EMVCo launches EMV Secure Remote Commerce Technical Framework
New framework provides a foundation to evolve the remote commerce environment to offer greater security, convenience and interoperability
LONDON -- Technical body EMVCo has publicly released EMV Secure Remote Commerce (SRC) – Technical Framework version 1.0. The framework describes the roles, high level processes and data descriptions that enable card data to be protected and exchanged in a consistent and secure manner within the remote commerce environment. The technical framework will be followed by the publication of a detailed specification that defines the protocol and core functions.
Remote commerce refers to the purchase of goods and services by consumers via applications and browsers on mobile phones, tablets, desktop computers and Internet-connected devices.
EMV SRC will address the complexities and potential vulnerabilities within the remote payments environment by defining a consistent approach to enable the secure transmission and interaction of payment card data among participants. This helps reduce exposure to data compromise and simplify merchant support of these solutions.
The goals of EMVCo’s SRC work are to:
Extend the approach to security successfully utilised at the physical point-of-sale to the remote payments environment.
Reduce ecosystem complexity by providing consistent and simplified integration processes and interfaces among stakeholders.
Enhance the security of remote commerce websites and applications through the introduction of dynamic data to enable the secure transmission of payment and checkout information.
Provide integration options for other EMV Specifications, including EMV 3-D Secure and EMV Payment Tokenization.
Reduce the requirement for cardholder data entry by enabling the consistent identification of the consumer, potentially lowering shopping cart abandonment.
“Remote commerce is often initiated through the manual entry of cardholder data into a merchant’s, or other provider’s, website or application by the consumer," explains Cheryl Mish, EMVCo Board of Managers Chair. While data storage solutions to protect card and account data are widely implemented, the actual method of delivering the payment card data to the merchant has vulnerabilities that can potentially be exploited. As a result, multiple industry participants have worked to address these vulnerabilities by providing application-based solutions that deliver, among other things, a simplified consumer payment experience. As each solution is unique, however, independent merchant integration is required to facilitate the exchange of payment related information, leading to increased complexity.”
Mish continues: “EMVCo is therefore working with the payments ecosystem to define security improvements, simplify merchant integration and enable a consistent consumer experience for remote payments.”
The EMV SRC Technical Framework received extensive feedback from EMVCo Associates throughout its development, and EMVCo encourages continued input from interested parties via its Associates Programme. To receive advance notification of future developments and stay informed on this initiative, become an EMVCo Subscriber.
“As payments technologies advance, the EMV Specifications evolve to address emerging challenges and meet new requirements, adds Jack Pan, EMVCo executive committee chair. "EMVCo has the strategic breadth, industry knowledge and technical ability, coupled with a proven record of specification delivery, to facilitate the development of secure and interoperable remote payment solutions.”
To learn more about EMV SRC, read the Q&A.