Lars Sandtorv (CEO, MeaWallet) breaks down the impact of the recently launched EMV Secure Remote Commerce (SRC) specification v1.0 and how EMV SRC could operate alongside tokenisation.
With the first implementations of EMVCo’s EMV SRC specification entering the ecosystem, now is the perfect time to ask ‘what is EMV SRC and how will it interact with tokenisation?’, not least because the specification has been making waves since its publication in June 2019.
For example, in September 2019, it was announced that the Visa Checkout service would close and that the giant would migrate to a new solution based on the EMV SRC specification in 2020.
Moreover, Mastercard has also begun to talk about the technology and has developed its own offering based on the specification. Additionally, it has publicly endorsed the initiative since the launch of the draft specification in October 2018.
Described by EMVCo as a set of specifications that enable the creation of a ‘virtual payment terminal’, EMV SRC is designed to enhance the e-commerce payment experience and make it as seamless as possible.
More specifically, it defines interfaces to allow for secure exchanges of payment data between participants in the remote commerce environment.
Additionally, it accommodates options for using dynamic data, such as cryptograms or other transaction unique data, to enhance the security of payment transactions on a merchant’s SRC-enabled website, mobile app or other e-commerce platform.
So, is this new specification a one stop revolution, or is it best deployed with supporting, established technologies?
Importantly, we also know from EMVCo that EMV SRC is compatible with other technologies including EMV Payment Tokenisation. It reads: “EMV® Payment Tokenisation may be used, for example, to restrict usage of a digital card to the remote commerce acceptance channel at a specific merchant.”
In EMVCo’s own words, as taken from the specification itself:
“The SRC System can elect to request Payment Tokens from one or more Token Service Providers as part of the overall management of the SRC Profile.
“As such, the SRC System participates in one or more Token Programmes and can act as a Token Requestor or Token Requestor Aggregator on behalf of one or more Token Requestors.
“The SRC System supports Token Requests as defined in EMV Payment Tokenisation Specification – Technical Framework and implemented by an enabled TSP(s). The SRC System interfaces with relevant Token Service Providers (TSPs).
“When the SRC System is acting as a Token Requestor or Token Requestor Aggregator, it is responsible for interfacing and integrating with the appropriate TSP implementation requirements in accordance with the Token Programme(s) policies and processes including the facilitation of the relevant Identification and Verification (ID&V) requirements.”
This may sound technical, but the sentiment is there: EMV SRC and tokenisation are a natural fit, and consensus suggests that combining both technologies will offer merchants and customers the best outcome.
In fact, Mastercard went as far to state that it believes a seamless shopping experience must also bring in tokenisation and advanced authentication as a means of protecting account numbers and reducing fraudulent transactions.
As we learn more about EMV SRC we will be able to discuss further but at this point, we must at least celebrate this as a step in the right direction while remembering no technology is an island in of itself.
