Visa Amps up Authentication Tools
Enhancements are coming to Visa’s Verified by Visa (VbV) online authentication service, and the 3-D Secure messaging protocol on which it’s based, the payment network announced Sept. 20. Starting in April 2018, Visa will begin phasing out static passwords in the VbV enrollment process, in favor of dynamic one-time passwords sent via SMS or email. The change will reduce enrollment vulnerabilities, such as in cases where a fraudster can falsely register a password on a cardholder’s behalf. Eliminating passwords will also lower rates of online shopping cart abandonment by reducing friction when consumers enroll in VbV in the process of making an online purchase, as well as reducing customer frustration over forgotten passwords, Visa said.
For Visa issuers in the U.S., Canada, Europe, Latin America, Malaysia, Singapore and Thailand, the change will take effect in April 2018. For issuers in Central and Eastern Europe, the Middle East, Africa and the remaining Asia Pacific countries, Verified by Visa-specific static passwords will be eliminated by October 2018, the network said.
Changes are also in store for Visa’s 3-D Secure messaging protocol, which was invented by the network more than 15 years ago and has become the de facto industry standard for online authentication. In 2014, Visa and Mastercard jointly contributed an updated and enhanced version of 3-D Secure to EMVCo, the global body that manages EMV specifications and other payments standards. The new version, dubbed 3-D Secure 2.0, currently is being shared with EMVCo members and will be available to the general public in late 2016. 3-D Secure 2.0 will provide card issuers with more data that can be used when authenticating a transaction and enable issuers to better integrate authentication into their checkout processes for a more seamless consumer shopping experience, Visa said.