Secure Remote Commerce – The Silver Payment Bullet in E-Commerce – Finally?


Today’s most common e- and m-commerce channels are the browser and the mobile app. And remotely paying through these channels is vastly fragmented and incomplete. While apps rely on card-on-file or Apple/G/Samsung Pay, browsers, both on the desktop and on the smartphone, sport a zoo of options from simply entering credit cards, through the scheme wallets like Masterpass, (discontinued) and Visa Checkout, invoice or pre-payment, to ubiquitous Paypal. Not only do these options clutter the merchant’s payment screen, they also are a challenge to the consumer – the processes all are different and sometimes cumbersome, the authentication methods are different and payment friction is ever-present.

It is not surpizing then that the industry is looking for improved alternatives. The W3C, for instance, works on adding payment checkout options directly into the browser distributions .
However, the solutions backed by Visa, Mastercard and other schemes more recently seem to come from EMVCo, 3-D Secure 2.0 being a good example.

EMVCo to the rescue

EMVCo’s newest child, EMV Secure Remote Commerce, or SRC for short, promises to tackle this challenge. It will sport one single checkout trigger – a button in today’s scenarios – to get to all the digital cards stored in the SRC System for the user. SRC promises to be able to reliably recognize the user in many situations thus reducing renewed authentication friction. On top, the protocol makes use of the defacto standards for security and authentication of remote  credit card transaction, namely tokenization and 3DS 2.0, respectively. And, the protocol is generic enough to be applied to future channels such as voice or IoT.

One single button instead of four – a likely scenario if a merchants wants to just offer credit card payment and scheme wallets for Visa and Mastercard, never mind adding Amex, JCB or Paypal? Where do I sign up, right?


Well not so fast!

A protocol and a system that is generic enough for future unknown payment situations, that reliably recognizes the user and the device in most situations, that is flexible enough to be successfully applied to the requirements of different regions, a protocol that comes with new roles such as the „Digital Card Facilitator“ or the „SRC Initiator“ that, because they have to be applied to future scenarios, are held so generic that they cannot be easily mapped to existing payment players and, hence, are difficult to grasp.
Such a protocol is not a simple matter and will take time, likely until 2020 – time that the industry doesn’t seem to have in abundance. But EMVCo seems to be on a promising track. If they can pull it off this will be a big step forward in user convenience and seamless shopping.