EMVCo and the payment networks are positioning Secure Remote Commerce, or SRC, as a critical mechanism for reducing e-commerce fraud. If widely adopted by merchants, SRC will enable the elimination of some fraud types, such as malware that infects checkout screens, and can reduce others, but the safety SRC offers comes at a cost to merchants in time and effort. This blog provides a generalized technical description of how SRC operates. We will not attempt to compare and contrast specific implementation details, identify the threats these implementations should eliminate or reduce, or consider the impact of SRC on gateways, acquirers, and merchants. We will address these matters in future blogs on this website.
The scenario below assumes the cardholder has already created a profile and loaded a card into SRC.
Simplified Diagram of SRC Cardholder Operation (After User Registration)
All that is left to do is for the consumer to click on the card they want to utilize for this purchase and then click the Checkout button.
Two important steps are not included in this blog. One is the registration of the cardholder from the merchant user interface, be it a browser or smartphone. The other is the actual processing of the payment. With SRC, payment data is not posted via the browser but is passed to the SRCI back end. These two scenarios will be described in detail in future blogs