Whenever you hear about EMV 3-D Secure, one of the big selling points is that this set of protocols includes 10 times more data than the original version, 3-D Secure 1.0.
But what does that really mean? What data points are included, and how can they really help an issuer make better decisions?
Let’s see how issuers can use some of these data elements to authenticate more good transactions.
Learn More
With the original 3DS, there were only 13 data elements shared with the issuer. This helped issuers make better risk decisions, but a lot more could be done. Enter EMV 3DS, with 10 times more data than the original. That comes to 130-plus data elements. Let’s look at these and see what they are and how they can help.
View the 4 main data categories
Transaction and Consumer Data
Authentication
Data
Merchant Data
Device Data
1
2
3
4
Transaction and consumer data
Transaction and consumer data are gathered during checkout. These include
• Account number (PAN) and expiration date
• Consumer billing and shipping address information (including postal
address, city, state, zip/postal code)
• Consumer name
• Email address
• Phone number
• Transaction amount
• Currency code
• Transaction type
Most of these fields are required in EMV 3DS, and some are conditional – for instance, a physical shipping address may not be required if the product is digitally delivered.
As with all of the data the issuer sees in authentication, these can be compared to what the issuer has on file about their cardholder, and if something doesn’t match, the issuer can determine how much risk that adds, or they can ask for more information, in the form of a challenge, or step-up, or a manual review. Manual review means an actual person looks at the transaction and evaluates it, to make sure the transaction is legitimate.
• If the billing and shipping addresses don’t match, that can mean that the cardholder is shipping the order as a gift.
• Email address and phone (as well as shipping address) might not match if the cardholder is using their work information.
• Or the consumer may be using a new device or address, which would not be recognized – yet – by the issuer.
Authentication Data
Device Data
Authentication data
These are non-3DS data used to access the merchant’s website (and often saved account and card-on-file information).
Other data include
Merchant data are also optional, but can be valuable.
• Merchant name
• Merchant URL
• Merchant category code (MCC)
• Country
• Acquiring MID
• 3DS network identifier
• Shipping and delivery data
These data are optional for the merchant to share, but recommended, as they can be valuable in the issuer’s decision-making process.
Merchant Data
Merchant data
Merchant information can also help an issuer determine the risk of a transaction. These fields include
• Pre-order/re-order
• Gift card amount
• Account standing (account age, account creation date, account change
indicators and dates, payment account indicator and age)
• Shipping usage
• Fraud activity (suspicious activity on account and add-card attempts)
Device data can be very important in helping issuers make confident risk decisions. These data include
Next Section
Device data
Issuers can see whether the consumer is using the same device and IP address to shop as they use for online banking, or whether it is a device or IP address they have used with the bank in the past.
They can compare the latitude and longitude with the location data they have for their cardholder – is the cardholder transacting at or near their home?
Device data can be required. When issuers use the Method URL capability within EMV 3DS, merchants are required to share device data. This gives the issuer access to the cardholder’s browser environment to conduct data collection.
As you can see, more data can mean better decisions in authentication, which benefits merchants, issuers, and consumers.
• Device channel (browser, app, 3RI)
• IP address
• Language
• Screen height and width
• Time zone
• Browser header
• Native app platform
• Mobile device model
• OS name and version
• Latitude and longitude
• iOS- and Android-specific information
EMV 3DS is a valuable tool to authenticate consumers who are buying more and more online. The EMV 3DS data elements allow the issuers to compare what the merchants know about the consumer with what they know about that same consumer.
This can result in better outcomes for everyone in the digital ecosystem: merchants can sell, issuers can collect funds, and best of all, consumers can buy what they want, from the merchants they choose, using their preferred payment device — everybody wins!
If you’d like to take a deeper dive into EMV 3DS data elements, click here to download the white paper that goes into more detail.
To learn more about how EMV 3DS can help you and your cardholders, contact your Visa representative.
Click on a category or scroll for more information
Why would these data elements not match the issuer’s information?
• Whether 3DS has been used successfully in the past
• Date and time of the prior EMV 3DS authentication
• Whether the issuer challenged this consumer-PAN-merchant previously
Recent or past fraud activity on an account can raise red flags for future transactions.
This can result in higher authentication rates and fewer challenges.
EMV® 3DS Data Elements: More data = better decisions
And how can that translate into less friction for the consumer and a quicker, easier (and more reliable) checkout experience?
