20 March 2018
visit www.nextgenbanking.co.uk

Fido Alliance partners EMVCo on mobile payments security

24 October 2016  |  4569 views  |  0 Source: Fido Alliance

Fido Alliance, the industry consortium developing open, interoperable authentication standards, announced today that it will work with EMVCo to add convenience and security to in-store and in-app EMV®-compliant mobile payments.

The FIDO Alliance will develop a new technical specification into its FIDO authentication suite to fulfill use cases provided by EMVCo. The specification will provide a standard way for mobile wallet providers and payment application developers to support Consumer Device Cardholder Verification Method (CDCVM)1, enabling consumers to conveniently use on-device FIDO® Certified authenticators -- such as a fingerprint or "selfie" biometrics -- to securely verify their presence when making an in-store or in-app mobile payment.

To enable this capability, the new FIDO Alliance specification will be developed as an extension specification to the Web Authentication specification already in development by the World Wide Web Consortium (W3C). The Web Authentication specification, based on three technical specifications submitted by the FIDO Alliance last year, will define a standard web API to enable web applications to move beyond passwords and offer FIDO strong authentication across all web browsers and related web platform infrastructure. With this new specification, the same FIDO-compliant devices used to authenticate users on the web will also be able to fulfill payment networks' CDCVM requirements for mobile payment, giving device manufacturers yet another reason to ship their devices with support for FIDO authentication.

For mobile wallet providers and payment application developers, the development of this specification intends to greatly simplify the development and support for CDCVM across mobile devices and other platforms.

"Today, mobile wallet providers and payment application developers need to custom-build support for CDCVM across mobile devices. This is a huge challenge given the fragmentation in the mobile ecosystem -- there are more than a thousand manufacturers for Android alone," said Brett McDowell, executive director of the FIDO Alliance. "This new specification will enable mobile payment stakeholders to FIDO-enable their applications and get the added benefit of built-in support for CDCVM on every FIDO-compliant mobile device. The mobile industry is rapidly adopting FIDO authentication, with FIDO Certified solutions already available on flagship mobile devices from six of the top 10 mobile handset manufacturers."

The new FIDO specification will also add another layer of convenience to the consumer mobile payment experience by providing mobile payment applications with additional risk management information, ultimately reducing the number of times that a consumer needs to authenticate themselves in order to approve a payment within a given time period. For example, when the mobile payment application calls the FIDO authenticator, it can check the last time the user was verified by the authenticator. If that falls within the requirements for CDCVM, the payment will be authorized without any additional interaction with the user. The FIDO Alliance also sees the potential for this capability to be extended to use cases beyond payments, including for VPN access, rights managements and workflow management.

W3C Strategy Lead Wendy Seltzer commented, "W3C is pleased to support this FIDO Alliance extension as yet another example of the growing and vibrant authentication ecosystem enabled through our Web Authentication API, currently under development by the WebAuthn Working Group."

Brett McDowell made this announcement this morning at Money20/20, being held this week through Oct. 26 in Las Vegas. Attendees looking to learn more about the FIDO Alliance's efforts to help the financial services industry deploy stronger, simpler authentication should stop by the FIDO Ecosystem Pavilion on the show floor, booth #2843. 

Comments: (0)

Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
visit www.ebaday.comVisit www.vasco.com

Top topics

Most viewed Most shared
Can banks be a threat to Big Tech?Can banks be a threat to Big Tech?
9920 views comments | 29 tweets | 39 linkedin
hands typing furiouslyBitcoin at 50,000 USD?
9853 views 0 | 5 tweets | 3 linkedin
Indian fintech sector needs regulatory support to flourishIndian fintech sector needs regulatory sup...
9231 views comments | 10 tweets | 8 linkedin
Barclays partners seven watch brands for contactless timepiecesBarclays partners seven watch brands for c...
8461 views comments | 14 tweets | 26 linkedin
Barclays propels Coinbase into Faster PaymentsBarclays propels Coinbase into Faster Paym...
7692 views comments | 15 tweets | 29 linkedin

Featured job

Hong Kong, Asia-Pacific

Find your next job