September 29, 2020

Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication

The FIDO Alliance defines standards that enable strong consumer authentication and seeks to use those standards to improve security on the internet. EMV 3-D Secure (EMV 3DS) is a payment industry standard for performing consumer verification and authentication within the context of online payments via credit cards. EMV 3DS also standardizes payment transaction information which is sent from a merchant to the issuing bank and includes data about the cardholder account, payment environment, and actions taken during payment. Using this data, the card issuing bank or a party operating on their behalf can perform transaction risk assessment and minimize the need to apply unnecessary friction to a payment transaction when it is deemed low risk. This is also known as “frictionless authentication” within the EMV 3DS standard. 

This document focuses on the role of the merchant as the FIDO or WebAuthn relying party and defines the methods for the merchant to leverage EMV 3DS as the conduit to report FIDO Authentication Data to the issuing bank. This data, along with the other transaction details sent using EMV 3DS messaging via the 3DS Authentication Request message, can help ensure minimized friction through risk-based authentication at the time of online payment. Although the resultant assurance level is reduced using this method, as opposed to an issuer-managed credential, and it will need to be viewed within the context of the entire EMV 3DS message, it can provide an approach that can be more easily deployed at scale than issuer-managed FIDO Authentication methods. 

MORE Implementation & Deployment

Cambridge Housing Authority’s Road to FIDO

The Challenge: At the Authenticate 2021 event, Jay Leslie, CIO...

May 20, 2022

White Paper: Multi-Device FIDO Credentials

The FIDO standards, together with their companion WebAuthn specification, are...

March 17, 2022

White Paper: Choosing FIDO Authenticators for Enterprise Use Cases 

Secure access to online applications and services has evolved into...

March 12, 2022

PLUSCARD uses FIDO as Innovative Alternative to App-based Payment Authentication

Overview PLUSCARD, a full-service processor for 140 financial institutions across...

October 29, 2021
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.