September 29, 2020

Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication

The FIDO Alliance defines standards that enable strong consumer authentication and seeks to use those standards to improve security on the internet. EMV 3-D Secure (EMV 3DS) is a payment industry standard for performing consumer verification and authentication within the context of online payments via credit cards. EMV 3DS also standardizes payment transaction information which is sent from a merchant to the issuing bank and includes data about the cardholder account, payment environment, and actions taken during payment. Using this data, the card issuing bank or a party operating on their behalf can perform transaction risk assessment and minimize the need to apply unnecessary friction to a payment transaction when it is deemed low risk. This is also known as “frictionless authentication” within the EMV 3DS standard. 

This document focuses on the role of the merchant as the FIDO or WebAuthn relying party and defines the methods for the merchant to leverage EMV 3DS as the conduit to report FIDO Authentication Data to the issuing bank. This data, along with the other transaction details sent using EMV 3DS messaging via the 3DS Authentication Request message, can help ensure minimized friction through risk-based authentication at the time of online payment. Although the resultant assurance level is reduced using this method, as opposed to an issuer-managed credential, and it will need to be viewed within the context of the entire EMV 3DS message, it can provide an approach that can be more easily deployed at scale than issuer-managed FIDO Authentication methods. 

MORE Implementation & Deployment

Authenticator Certification Hits a New Milestone with First L3+

By: FIDO Alliance staff A major milestone has been realized,...

April 5, 2021

eBay’s Journey to Passwordless with FIDO

A global commerce leader connecting millions of buyers and sellers...

March 3, 2021

National Health Service uses FIDO Authentication for Enhanced Login

To make it easier and faster for patients throughout England...

February 24, 2021

White Paper: Considerations for Deploying FIDO Servers in the Enterprise

Today, secure access to online applications and services has evolved...

October 21, 2020
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.