EMVCo and the FIDO Alliance to Address FIDO Authentication in
EMV® 3-D Secure Use Cases
Amsterdam (Money 20/20 Europe), June 4, 2018 – EMVCo, the global technical body that manages the EMV® Specifications, and the FIDO Alliance, an industry consortium developing open, interoperable authentication standards, have expanded their collaboration to include a work item to define in detail how EMV 3-D Secure (3DS) messages may be used to pass FIDO authenticator attestation data and signatures in a manner that is both scalable and interoperable across the EMV payments ecosystem.
This work builds upon the pre-existing liaison relationship between the organizations. The initial collaboration focused on how FIDO’s authentication protocol can be used to support EMVCo’s cardholder verification technology, leading to User Verification Caching (UVC) extensions of the FIDO specifications. UVC allows an app to specify user caching time — i.e., how long a user who has already been verified by his/her authenticator can wait before being required to re-authenticate.
“The EMV 3DS Specification promotes more secure, consistent consumer e-commerce transactions across browser and in-app channels, while optimizing the cardholder’s experience,” comments Cheryl Mish, EMVCo Board of Managers Chair. “Incorporating support for the FIDO Authentication protocol will provide stronger authentication, enhance transaction security and provide a more convenient and simpler authentication experience for cardholders. Our expanded collaboration with FIDO will support EMVCo’s efforts to deliver a consistent and more secure global solution that will be less likely to compromise user experience.”
“FIDO’s approach to modern authentication has taken root in devices around the world, and we’re happy to work with EMVCo to further expand this paradigm into the EMV payments arena,” said Brett McDowell, executive director of FIDO Alliance. “By ensuring interoperability of privacy-respecting authentication metadata between merchants, payment service providers, and banks in a 3DS transaction, fraud risk is reduced whenever FIDO Certified devices are used.”
– ENDS –
Notes to Editors
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. EMV is a technology toolbox that enables globally interoperable secure payments across face-to-face and remote environments. Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are available royalty free, designed to be flexible, and can be adapted regionally to meet national payment requirements and accommodate local regulations.
EMVCo is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications. To provide all payment stakeholders with a platform to engage in its strategic and technical direction, EMVCo operates an Associates Programme and encourages all interested parties to get involved.
About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The Verge: You can now sign into a Microsoft Account without a password using a security key
Microsoft is the first company to support passwordless authentication using...November 20, 2018
Bank Info Security: State of the Authentication Landscape
In this Bank Info Security article, Shane Weeden, an authentication...November 6, 2018
Tech Target: How can U2F authentication end phishing attacks?
Tech Target reports on Google’s adoption of FIDO U2F security...November 5, 2018