EMV® Secure Remote Commerce Specifications – Version Management

EMV® Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications Version 1.1 April 2025 © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Legal Notice Page i / iii The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications. © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page ii / iii Revision Log – Version 1.1 The following changes have been made to the document since the publication of version 1.0. • Editorial changes throughout to bring language into line with other SRC Specifications • Restructuring of Section 2.1 Major Releases and Section 2.2 Minor Releases to improve consistency and reliability • Creation of a new Section 2.3 Process containing material from the original Section 2.1 and Section 2.2 to eliminate repetition and to improve clarity • Renumbering / renaming Section 2.3 Deprecation Process for Backward Incompatible Changes to Section 2.4 Deprecation Process o Introduction of changes which may not result in backward incompatibility o Expanded definition of notation to include all types of changes o Creation of new Section 2.4.2 Example Other Changes to provide examples of the new types of changes introduced above • Renumbering Section 2.4 Bug Fixes to Section 2.5 Bug Fixes, along with restructuring to bring it into line with Section 2.3 Process © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page iii / iii Contents Legal Notice ............................................................................................................. i Revision Log – Version 1.1..................................................................................... ii Contents ................................................................................................................. iii 1 Introduction ....................................................................................................... 1 1.1 Purpose...................................................................................................... 1 1.2 Audience .................................................................................................... 1 1.3 Terminology and Conventions .................................................................... 1 1.3.1 Specification Version ...................................................................... 1 1.3.2 Definitions ....................................................................................... 2 1.4 References ................................................................................................. 2 2 Specification Version Management ................................................................. 3 2.1 Major Releases .......................................................................................... 3 2.1.1 Numbering ...................................................................................... 3 2.1.2 Communication ............................................................................... 3 2.2 Minor Releases .......................................................................................... 4 2.2.1 Numbering ...................................................................................... 4 2.2.2 Communication ............................................................................... 4 2.3 Process ...................................................................................................... 4 2.3.1 2.3.2 2.3.3 Associate and Subscriber Input and Feedback ............................... 4 Documentation................................................................................ 4 Communication ............................................................................... 5 2.4 Deprecation Process .................................................................................. 5 2.4.1 2.4.2 2.4.3 Example Changes Resulting in Backward Incompatibility ............... 6 Example Other Changes................................................................. 7 Deprecation policy .......................................................................... 9 2.5 Bug Fixes ................................................................................................... 9 2.5.1 2.5.2 2.5.3 Associate and Subscriber Input and Feedback ............................... 9 Documentation................................................................................ 9 Communication ............................................................................... 9 © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 1 / 10 1 Introduction Secure Remote Commerce (SRC) is an evolution of remote commerce that provides for secure and interoperable card acceptance established through a common set of specifications (collectively known as the SRC Specifications). As the SRC Specifications evolve over time, version management of the revisions will be governed by this document, the EMV® Secure Remote Commerce Version Management for SRC API and SRC JavaScript SDK Specifications (SRC Version Management). 1.1 Purpose SRC Version Management describes how versions for the SRC Specifications are assigned and incremented. This is based on, but not necessarily limited to, pre-existing widespread common practices used within the software industry. This is specific to the following documents within the SRC Specifications: • SRC API • SRC JavaScript SDK 1.2 Audience This document is intended for use by implementers of the SRC Specifications. 1.3 Terminology and Conventions The terminology used in this document and their specific meaning is described in the following sections. 1.3.1 Specification Version The specification version refers to the SRC Specification version that SRC Participants support (e.g. 2.1). The specification version format is: MAJOR.MINOR. • A MAJOR version for significant and non-backward compatible specification changes (e.g. a new architecture). A MAJOR version increase may include additional changes • A MINOR version for added functionality and deprecated functionality © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 2 / 10 Note: A bug fix will not contain a version numbering for immediate specification fixes as it is published in a bulletin only. A subsequent minor or major release must include those changes. 1.3.2 Definitions For the definition of the terms used in this document, refer to the SRC Core Specification, Table 1.3. 1.4 References The document is specific to the SRC API and SRC JavaScript SDK, which are listed in Table 1.1, along with the SRC Core Specification, and are located at www.emvco.com. They should be used in conjunction with this document. The latest version of any reference, including all published amendments, shall apply unless a publication date is explicitly stated. Table 1.1: EMVCo References Reference Publication Name SRC Core Specification EMV Secure Remote Commerce Specification SRC API EMV Secure Remote Commerce Specification – API SRC JavaScript SDK EMV Secure Remote Commerce Specification – JavaScript SDK © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 3 / 10 2 Specification Version Management This Section provides an overview of SRC Specification version management. Specification changes can include specification releases, updates, and clarifications. SRC Specifications identify the specification version using a two-part version number. • Specification Version number format: MAJOR.MINOR • Specification Version number example: 1.0 In the case that bug fixes to a published specification are required, a bulletin release can be made without increasing the version numbering of the specification. However, the SRC API and SRC JavaScript SDK need to reflect those changes in subsequent versions. 2.1 Major Releases A major release occurs when EMVCo has made non-backward compatible changes and uplifts to the SRC Specifications. This signals to the industry that one or more of the EMV Specifications has gone through significant changes that contain modifications which have large impacts on existing systems. This is due to impact of change or better technology, completely different architecture, large extensions to existing architectures, security breaches, destructive modifications or completely new technology concepts requiring different design paradigms. 2.1.1 Numbering Specification version number impact: • Position 1 is incremented • Position 2 is reset to “0” Example: • Previous specification version number: 2.5 • New specification version number: 3.0 2.1.2 Communication EMVCo will publish a notification announcing the scope of the new features for implementation, indicating the target date when the new versions will be published. © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 4 / 10 2.2 Minor Releases A minor release indicates that EMVCo has made additive changes to the SRC Specifications. Changes introduced by adding new components to an existing specification may enhance existing functionality or provide new functionality. A minor release may include deprecated content to manage non-backward compliant changes. A minor release signals to the industry that the SRC Specifications have added new features for implementation. 2.2.1 Numbering Specification version number impact: • Position 1 has no change • Position 2 is incremented Example: • Previous specification version number: 2.1 • New specification version number: 2.2 2.2.2 Communication EMVCo will publish a notification announcing the scope of the new optional features for implementation. The notification would also indicate the target date as to when the new specification would be published. 2.3 Process The following processes apply to both major and minor release changes. 2.3.1 Associate and Subscriber Input and Feedback All major and minor release changes to the SRC Specifications allow for EMVCo Associates and Subscribers to provide input and feedback on the draft specifications. Once the input and feedback has been finalised, the SRC Specifications will be published as public to the industry. 2.3.2 Documentation SRC Specifications and any related documentation will be updated to the new specification version number and published to the EMVCo website. The SRC Specifications will carry the same specification version number, regardless of whether changes were made within any given document. If changes were not made to a specific document, it will be noted under the document’s change log. © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 5 / 10 Note that the SRC API and SRC JavaScript SDK may increment specification versions independently. 2.3.3 Communication EMVCo will publish a notification announcing the scope of the new features for implementation, indicating the target date when the new versions will be published. 2.4 Deprecation Process Deprecation defines the process to manage content changes, which may impact backward compatibility. Deprecated content remains in the specification, signalling content which may be deleted over time. Alternative approaches may also be recommended. As discussed in Section 2.2 Minor Releases, example updates which could lead to backward incompatible changes include: • A data element has its conditionality changed (e.g. from "optional" to "required") • An entire complex data element undergoes changes to the structure and conditionality • A service, method or operation is deleted (e.g it is no longer useful) • An entire section in the document is deleted (e.g. contents are outdated or do not serve the purpose) There are also changes which may not result in backward incompatibility. Example updates include: • The conditionality of a data element is changed (e.g. from "optional" to "conditional") • The conditions for a conditional data element is updated The following notations are used to denote deprecation and other changes: • Deprecated items are struck through with the font colour changed to grey (e.g. cardVerificationEntity) and are followed by the word “DEPRECATED” in capitals • Where the deprecated item is replaced by another item (e.g. a data element is deprecated and replaced by an updated data element) then the word “DEPRECATED” is followed by “Replaced by” (in bold, italic font) and the name of the item replacing the deprecated one • Where the conditionality (Required, Conditional, Optional: R/C/O) of a data element is changed, but the data element itself is not deprecated, the following occurs: o The original conditionality is shown as struck through with the new conditionality added afterwards (e.g. OC) © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 6 / 10 o In the description or notes, the words “Changed from xxx to yyy” are added (in bold, italic font), where xxx is the original conditionality and yyy the new conditionality (e.g. Changed from Optional to Conditional) o If the data element was originally Conditional (C) then the conditionality in the description is shown as struck through with the font colour changed to grey o If the data element is changed to Conditional (C), then the new conditionality is added after the “Changed from…” statement o If the data element remains Conditional (C), but the conditionality changes, then the conditionality in the description is shown as struck through with the font colour changed to grey, and the new conditionality is added after the words “Conditionality changed to” (in bold, italic font) 2.4.1 Example Changes Resulting in Backward Incompatibility Example 1: srcCorrelationId is updated from “optional” to “conditional” { required String srcClientId; conditional String srcDpaId; DEPRECATED optional String srcCorrelationId; replaced by conditional String srcCorrelationId2; optional String serviceId; optional String srciTransactionId; required Address billingAddress; optional Boolean setAsShippingAddress; } Example 2: Backward incompatible updates to a complex data element Data Element verificationData Type: List AssuranceData (excerpt) R/C/O Constraints O See VerificationData Description Set of verification data structures relating to different types of assurance. © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 7 / 10 Data Element cardVerificationEntity Type: String (Numeric) DEPRECATED R/C/O Constraints O Length = 2 Description Entity performing card verification. Valid values are: • 01 SRC Initiator • 02 SRC System • 03 SRCPI • 04 DCF • 05 DPA • 06 – 99 Others 2.4.2 Example Other Changes In certain cases, conditionality changes of data objects may not require deprecation. Examples are: • Changing the conditionality for data elements from optional to conditional • Changing the conditionality for data elements from conditional to optional • Changing the existing conditionality description for conditional data elements Those changes use “Changed…” as keyword to indicate change. Example 1: Adding the conditionality description for data elements that change from optional to conditional DpaTransactionOptions (excerpt) Data Element merchantCategoryCode Type: String R/C/O Constraints OC Length = 4 Description Describes the merchant’s type of business, product or service Changed from Optional to Conditional Conditionality: Required when 3DS is to be performed by SRC System (i.e. the value of threeDsPreference is set to ONBEHALF) © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 8 / 10 Example 2: Changing the existing conditionality description for conditional data elements idToken in Checkout response method (excerpt) idToken Type: JWT C A Federated ID Token related to the current SRC Profile Conditionality: Required when: • Requested by the DCF during its processing of the checkout session (e.g. DCF requesting identity validation be performed by the SRC System); or • The unbindAppInstance attribute returned in this response is set to true; or • A new / updated idToken is generated Changed to: Conditionality: Required when: • Requested by the DCF during its processing of the checkout session (e.g. DCF requesting identity validation be performed by the SRC System); or • The unbindAppInstance attribute returned in this response is set to true; or • The bindingStatus attribute returned in this response is of value BIND or UNBIND; or • A new / updated idToken is generated Example 3: Changing transactionAmount from conditional to optional (example only) Data Element transactionAmount Type: TransactionAmount R/C/O Constraints Description CO See The amount of the TransactionAmount transaction Changed from Conditional to Optional Conditionality: Required when 3DS is to be performed by SRC System (i.e. the value of threeDsPreference is set to ONBEHALF) © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 9 / 10 2.4.3 Deprecation policy The following policy is applied for deprecation: • When deprecated content is not removed in a next minor version update, existing implementations are not impacted by backward incompatibility • EMVCo may remove deprecated content within the next major version publication. 2.5 Bug Fixes A bug fix indicates that EMVCo has made required changes to the SRC Specifications to rectify errors due to oversight, errata, etc. This signals to the industry that immediate updates are required for their SRC software. A bug fix may or may not be backward compatible. Bug fixes will only be made in urgent cases which require immediate action. 2.5.1 Associate and Subscriber Input and Feedback An EMVCo Associates and Subscriber draft review is not required prior to a bulletin release. 2.5.2 Documentation All bug fixes will result in a bulletin which will be published immediately to the industry as a public document. This is a separate document which will not increase the versioning number of the underlying specification. The bulletin will provide a change log from its document of origin. The Bulletin updates will be incorporated into the next major or minor revision of the specification. 2.5.3 Communication EMVCo will publish a bulletin announcing the scope of the bug fix changes for implementation. In addition to the EMVCo bulletin process, push notifications are recommended to the Payments Systems to ensure their customers are aware of the upcoming changes. © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV Secure Remote Commerce Version Management for SRC API and JavaScript SDK Specifications v1.1 Page 10 / 10 *** END OF DOCUMENT *** © 2021-25 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.