As leaders in authentication and payments spaces respectively, the FIDO Alliance and EMVCo collaborate to provide guidance on how FIDO authentication can be incorporated in payment use-cases allowing merchants, acquirers/PSPs and issuers to have a consistent way to submit and process FIDO authentication data.
EMVCo released a white paper with FIDO Alliance’s inputs, “EMV® 3-D Secure White Paper – Use of FIDO® Data in 3-D Secure Messages,” which explains how the use of FIDO authentication data in EMV 3DS messages can streamline e-commerce checkout while reducing friction for consumers.
Authentication flows are evolving, and merchants are increasingly building seamless experiences based on FIDO standards for device-based authentication, where a trusted device is bound to a payment credential to ensure the credential is being used by the verified cardholder. Consequently, it has become apparent that in some scenarios the issuer may require more data to assess risk and validate the authentication cryptographically.
This paper addresses these scenarios by providing a data structure that allows for a chain of trust to be established between cardholder authentication, FIDO enrolments and FIDO authentication, hence giving issuers increased control and insight into the authentication process as well as validate authentication.
In the EU, where payment authentication is required as per PSD2 SCA, this industry-wide guidance can provide assistance to enabling more device-based authentication in a standardized way using globally known authentication standards such as FIDO while using widely accepted authentication rails such as EMVCo.
Read the full white paper on the EMVCo website to learn more.
