September 29, 2020

Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication

The FIDO Alliance defines standards that enable strong consumer authentication and seeks to use those standards to improve security on the internet. EMV 3-D Secure (EMV 3DS) is a payment industry standard for performing consumer verification and authentication within the context of online payments via credit cards. EMV 3DS also standardizes payment transaction information which is sent from a merchant to the issuing bank and includes data about the cardholder account, payment environment, and actions taken during payment. Using this data, the card issuing bank or a party operating on their behalf can perform transaction risk assessment and minimize the need to apply unnecessary friction to a payment transaction when it is deemed low risk. This is also known as “frictionless authentication” within the EMV 3DS standard. 

This document focuses on the role of the merchant as the FIDO or WebAuthn relying party and defines the methods for the merchant to leverage EMV 3DS as the conduit to report FIDO Authentication Data to the issuing bank. This data, along with the other transaction details sent using EMV 3DS messaging via the 3DS Authentication Request message, can help ensure minimized friction through risk-based authentication at the time of online payment. Although the resultant assurance level is reduced using this method, as opposed to an issuer-managed credential, and it will need to be viewed within the context of the entire EMV 3DS message, it can provide an approach that can be more easily deployed at scale than issuer-managed FIDO Authentication methods. 

MORE Implementation & Deployment

White Paper: Using FIDO for the EUDI Wallet

This white paper describes the eIDAS2 ecosystem and how to...

April 20, 2023

SK Telecom announces adoption of passkeys for online users in Korea

By Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance...

March 26, 2023

Yahoo! JAPAN announces support for passkeys across available platforms

By Andrew Shikiar, Executive Director and CMO, FIDO Alliance  Yahoo!...

March 14, 2023

Cloudflare embraces FIDO to help its own security

THE CHALLENGE:Improving Employee Access with Zero Trust When Cloudflare started...

March 2, 2023