EMV® Secure Remote Commerce

What is Remote Commerce?

Remote Commerce
E-commerce
Online Payments
Digital
Web-based Payments Commerce

©2018 EMVCo – Confidential

Copyright ©2017 2
 When Does Remote Commerce Happen?

• During the checkout process a merchant

asks a consumer to provide or select a
payment method for a purchase
• Checkout may also include:
Remote
commerce – Verification of the cardholder and present
happens at the bill of sale
checkout
process – Delivery of information to enable the
receipt of the purchased goods or services

©2018 EMVCo – Confidential

Copyright ©2017 3
 Challenges within the Industry Landscape

Remote commerce continues to grow worldwide with the popularity of online

purchasing. However, it has become increasingly targeted and susceptible to
compromise.

• Current environment • Variety of • Primary Account

has many different implementations Numbers (PAN) entry,
integration models result in transmission and
which can be fragmentation, subsequent storage of
expensive and time complexity, and live PAN introduces
intensive for inconsistency significant risk
merchants

©2018 EMVCo – Confidential

Copyright ©2017 4
 Concerns with Remote Commerce
Each stakeholder needs to balance different concerns associated with payment card
acceptance during a remote commerce checkout experience

Merchants Consumers

• User friction increases cart • Concerned that account will be

abandonment compromised
• Online transactions carry increased risk • Don’t have the same level of
• Supporting multiple, unique payment convenience (e.g. multi data entry)
solutions is expensive and time intensive across multiple merchants

©2018 EMVCo – Confidential

Copyright ©2017 5
 Secure Remote Commerce

Secure Remote Commerce (SRC) establishes the foundation to deliver a consistent

consumer checkout experience while increasing simplicity and security

EMV® Secure Remote • Creates a consistent, streamlined checkout

Commerce environment for digital transactions
• Provides secure payment acceptance between a
merchant site and the consumer device
• Supports a variety of consumer devices (phones,
tablets, PCs, and IoT devices)

©2018 EMVCo – Confidential

Copyright ©2017 6
 EMV® SRC Specification

Specification Features
EMVCo will develop
and maintain the EMV
Secure Remote • Provides interfaces to support secure exchanges of data between
Commerce merchants and issuers to enable payment
Specifications to
support remote • Defines UIs and APIs to enable predictable payment experiences
transactions in a
globally interoperable • Defines secure delivery methods of a payment payload to a
manner merchant

• Define a payment payload with valid payment credentials

• Supports the protection of transactions with dynamic data

• Does not impact the existing processes for authorisation

©2018 EMVCo – Confidential

Copyright ©2017 7
 SRC Key Benefits
SRC benefits merchants, consumers, and all industry stakeholders by streamlining integration
and facilitating innovation across new devices, channels and technologies

Merchants Consumers

• Potentially lowers shopping cart • Provides a choice of online checkout

abandonment methods
• Simplifies integrations • Delivers a consistent and secure
• Supports the integration of new consumer purchase experience across
technologies multiple merchants
• Provides a choice of online checkout
methods

©2018 EMVCo – Confidential

Copyright ©2017 8
 Remote Commerce vs. Secure Remote Commerce

Physical Payments
Consumer Payment
Interaction Information
Physical Terminal
Payment Card
BAU Authorisation
Remote Commerce

Payment Card Merchant Website Payment

Merchant and Acquiring Issuing
Intermediaries Bank Network Bank
Cardholder

10100

Merchant Payment
Digital Card SRC System Information
Secure Remote Commerce Selection

©2018 EMVCo – Confidential

Copyright ©2017 9
 Secure Remote Commerce Scope
As the development of the EMV® Secure Remote Commerce (SRC) Specification has progressed, it is critical to
understand the intention/focus behind the specification and included annexes

SRC Specification Focus Outside of SRC Specification Scope

✓ Preparation and assertion of the data to be • Changes to transaction processing

passed along through existing transaction
processing rails • Implementation mandates

✓ Consistency in payload to provide structure
and ubiquity to help ease global integration
✓ Guidance / Clarity for how to connect with
an SRC System
• Restrictions on who can play which roles
• What the merchant experience looks like
• Compliance or policy requirements

✓ Visual elements for incorporation to allow

for customer recognition

©2018 EMVCo – Confidential

Copyright ©2017 10
 Secure Remote Commerce Objectives
• Establish interoperable interfaces for all stakeholders to enable a consistent payment card
specification for message content, transmission and security

• Deliver a consistent representation of the consumer account data to merchant

• Introduce Dynamic Data to protect the Payment Data through a

scalable solution

• Providing transparency between the participants to facilitate Cardholder Authentication and Consumer
Device identification

• Enable the integration of other EMV® specifications such as Payment Tokenisation and 3-D Secure
authentication

• Minimise consumers entry of their Payment Data by enabling consistent identification of the Consumer and
the Consumer Device to minimise friction and potentially reduce abandonment during the payment
experience

• Supporting common Consumer Verification to enable access to established Payment Data

©2018 EMVCo – Confidential

Copyright ©2017 11
 SRC Participants and Roles
Functions Description Typical Participant Examples
• Any Payment System
Responsible for the policies and processes associated with the oversight of SRC • Global/ Regional/ Domestic
SRC Programme
participants within an SRC System • Proprietary (Merchant,
Issuer, other)

Orchestration of all technical activities between participants, manages the • Payment Networks supporting
SRC System
technical aspects of the SRC Programme Payment Systems

• Merchants
Digital Shopping
A payment enabled application that facilitates the SRC consumer experience • Marketplace
Application (DSA)
• Hosted Order Page Provider
SRC Roles

• Wallets
Digital
• Browser
Card Facilitator Provides consumers access to information for use during a commerce exchange
• Issuer
(DCF)
• Merchant

Facilitates the collection and transmission of digital card and checkout

SRC Initiator (SRC I) • Merchant Service Providers
information on behalf of a DSA to enable the initialisation of a payment

SRC Participating
Enrols the cardholder, PAN and authorisation related data • Issuers
Issuer (SRC PI)

©2018 EMVCo – Confidential

Copyright ©2017 12
 Why EMV® Secure Remote Commerce?

Current Checkout Solutions EMV Secure Remote Commerce

Single Provider Solutions Multi-Provider Solutions
Service Issuer
Merchant Wallet Merchant PSP Payment Device Wallets Issuer
Provider domain
Network domain
Checkout
Secure
Checkout
Cloud COF
Limited Single Single Source Excluded
VS Multiple
All All Any Agnostic All
Providers
Service Wallets / Issuer
Merchant Device Selection
Provider domain

Checkout SRC Roles

Device Assurance SRC

Single Digital
Limited Tied to Single Participating SRC
Shopping SRC enables Digital Card Participating
Provider Source Application Initiator System access Facilitator Issuer

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 13
 EMV® SRC Addresses Gaps of Many Single Provider Solutions
One-off
Fragmented - Potential-Risk - Lack of Scale -
Current Gaps Solutions
Varied Experiences PAN Exposure Single Provider Merchant by Merchant

Common + Secure + Scalable + 360o Solution

EMV SRC Common Experience

Dynamic Data;
Ubiquitous Consistent
Assurance Implementation
Achieves Higher Cart Conversion Higher Authorisation Lower Cost of
& Rates & Integration & Higher Higher Adoption
More Engagement Low Fraud Losses Acceptance Rates

• Scale is fundamental to the effectiveness of solutions

• Innovation in payment technologies mostly affects merchant-facing functions in the value chain
• Integration of each new data source is resource and time consuming
• Convenience over security is not an acceptable tradeoff for consumers and all want access to all their existing cards

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 14
 EMV® SRC enables a Spectrum of Solutions
Individual SRC Programmes in conjunction with SRC Systems’ participation may offer a
spectrum of solutions for consumers from anonymity to full convenience.

Consumer Experience Spectrum

Consumers may want
different experiences
based on their confidence
Guest Device Agnostic Device Specific Frictionless
in the solution providers

Frequency One Time Repeat User Repeat User Repeat User

Enrol with Issuer but Enrol but do not Enrol and remember me Enrol and remember me
Recognition do not store my remember/track me (no on this device on this device
information device recognition)

I can prove it is my card Check to make sure it is Check to make sure it is Do not ask me for
Assurance me, I can prove it’s me me on this device information if you know
it’s me

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 15
 SRC Specification Enabling an Ecosystem
Secure Remote Commerce is a catalyst that enables innovators to create compelling products and integrate simple
and secure payments with interoperable interfaces defined within EMVCo

Onboarding and Registration Secure Remote Commerce is an evolution

Enrolment of remote commerce that enables secure
and interoperable payment acceptance
from browser or applications based on
Issuing Bank Merchant Digital Wallets / Value Added Consumer / Device
dynamically created payload, SRC
Aggregators Mobile Wallets Services Identity Managers checkout and common user experience
based on specified messages
EMV® Secure Remote Commerce Specification for Common Integration
BAU Authorisation

Cardholder Merchants / Digital Merchants / Wallets / Digital Payment Merchant and Acquiring Bank Payment Issuing Bank
Shopping SRC Initiators Card Facilitators Network / SRC Intermediaries Network
Applications System
SRC Systems

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 16
 SRC in Context of Merchant Environment version 1.0

Product Page Checkout Page Shipping Payment & Order & Confirmation
Billing Review

3DS Authorisation

NOTE: The SRC Specification does not SRC Experience facilitated by SRC System
mandate use or limit implementations
Card Assurance &
to a “Single Button”. Identity
Selection Verification

Required Payment
3-D Secure
Tokenisation
Optional

Merchant experience varies by channel (web, mobile application, other technology) FOR ILLUSTRATIVE PURPOSES ONLY

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 17
 SRC Specification Release Update

• Oct 2017
– Publish SRC Technical Framework
• Oct 2018
– SRC Specification v0.9 released to the public
• Why Publish v0.9?
– Present to a broader population from the payments community,
technical/industry bodies, and merchants
– Increase visibility of the spec to encourage participation
– Allow for product roadmap and investment planning
– Encourage more companies to participate at an associate level
– Expedite the release of the SRC Spec to address market needs

*The timeline and dates presented are provisional and subject to change.

©2018 EMVCo – Confidential

Copyright ©2017 18
EMVCo Associates Programme (EAP)
 EAP Connects EMVCo to Industry Leaders
EMVCo Associates Programme provides:

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 20
 Current EMVCo Business Associates
Business Associates (59)

ANZ AsiaPay* Australian Payments Network* Bancomat Bank of America

Bank of America Banque Populaire Caisse Bundesverband deutscher

Barclaycard* Bankalararasi Kart Merkezi*
Merchant Services d’Epargne Banken
Carrefour Banque* Cartao Elo* Cartes Bancaires* Citi* Conexxus

Creditcall Ltd.* Credit Mutuel Dutch Payments Association EFTPOS Australia* equensWorldline

European Card Payment

EURO 6000, S.A. European Payments Council Expedia* First Data*
Association
Financial Software &
Global Payments, Inc.* Google* Interac* JP Morgan Chase*
Systems (FSS)
Merchant Advisory National Credit Card Center
Merchant e-Solutions Microsoft* Moneris Solutions*
Group (MAG) of R.O.C.*
National Payments
NSPK* PAN-Nordic Card Association* PASA Poste Italiane*
Corporation of India*
Saudi Arabian Monetary
Redsys SHAZAM* SIA-SSB Soft Space*
Authority*
Sony Interactive
Square* SRC Research* STET Stripe*
Entertainment LLC*
Swedbank Target The Clearing House* TSYS* U.S. Bank*
Vantiv* Verve International* WIBMO* Worldpay*
^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 21
 Current EMVCo Technical Associates
Technical Associates (69)
Ant Financial Services Group AsiaPay* Australian Payments Network* Barclaycard* BKM, A.S.*

CA Technologies Carrefour Banque* Cartao Elo* Cartes Bancaires* Citi*

Consult Hyperion Creditcall Ltd.* CTC advanced GmbH EFTPOS Australia* Everi

Expedia* Feitian Technologies FIME First Data* FIS OTS

Fujian LANDI Commercial
Global Payments, Inc.* Google* Ingenico Terminals Intel
Equipment Co.
Interac* JP Morgan Chase* Micro Focus Microsoft* Modirum

National Payments Corporation

Moneris Solutions* mSIGNIA National Credit Card Center of R.O.C.* Netcetera
of India*

Nets DK NCR Financial Solutions Group NSPK* NTT DATA Corporation PAAY
Panasonic Mobile
PAN-Nordic Card Association* PAX Computer Technology Poste Italiane* Rambus
Communications
Saudi Arabian Monetary Sony Interactive Entertainment
RSA SHAZAM* Soft Space*
Authority* LLC*
Square* SRC Research* Stripe* Thales Tencent

The Clearing House* ThreatMetrix Toshiba Global Commerce Solutions TRUXTUN Capital TSYS*

TTA TÜV SÜD UL U.S. Bank* Vantiv*

Verifone Verve International* WIBMO* Worldpay*
^ Participation as of 3 October 2018 | * Denotes dual Associates: registered as TA and BA

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 22
 Thank You!
For more information visit
www.emvco.com or join us
on LinkedIn

Audio commentary is
available to accompany these
slides. View the ‘EMV SRC
Presentation with Audio’ on
the EMV SRC press kit page.

©2018 EMVCo – Unauthorised reproduction is prohibited

Copyright ©2017 23