25 November 2017
visit www.avoka.com

Fido Alliance partners EMVCo on mobile payments security

24 October 2016  |  4521 views  |  0 Source: Fido Alliance

Fido Alliance, the industry consortium developing open, interoperable authentication standards, announced today that it will work with EMVCo to add convenience and security to in-store and in-app EMV®-compliant mobile payments.

The FIDO Alliance will develop a new technical specification into its FIDO authentication suite to fulfill use cases provided by EMVCo. The specification will provide a standard way for mobile wallet providers and payment application developers to support Consumer Device Cardholder Verification Method (CDCVM)1, enabling consumers to conveniently use on-device FIDO® Certified authenticators -- such as a fingerprint or "selfie" biometrics -- to securely verify their presence when making an in-store or in-app mobile payment.

To enable this capability, the new FIDO Alliance specification will be developed as an extension specification to the Web Authentication specification already in development by the World Wide Web Consortium (W3C). The Web Authentication specification, based on three technical specifications submitted by the FIDO Alliance last year, will define a standard web API to enable web applications to move beyond passwords and offer FIDO strong authentication across all web browsers and related web platform infrastructure. With this new specification, the same FIDO-compliant devices used to authenticate users on the web will also be able to fulfill payment networks' CDCVM requirements for mobile payment, giving device manufacturers yet another reason to ship their devices with support for FIDO authentication.

For mobile wallet providers and payment application developers, the development of this specification intends to greatly simplify the development and support for CDCVM across mobile devices and other platforms.

"Today, mobile wallet providers and payment application developers need to custom-build support for CDCVM across mobile devices. This is a huge challenge given the fragmentation in the mobile ecosystem -- there are more than a thousand manufacturers for Android alone," said Brett McDowell, executive director of the FIDO Alliance. "This new specification will enable mobile payment stakeholders to FIDO-enable their applications and get the added benefit of built-in support for CDCVM on every FIDO-compliant mobile device. The mobile industry is rapidly adopting FIDO authentication, with FIDO Certified solutions already available on flagship mobile devices from six of the top 10 mobile handset manufacturers."

The new FIDO specification will also add another layer of convenience to the consumer mobile payment experience by providing mobile payment applications with additional risk management information, ultimately reducing the number of times that a consumer needs to authenticate themselves in order to approve a payment within a given time period. For example, when the mobile payment application calls the FIDO authenticator, it can check the last time the user was verified by the authenticator. If that falls within the requirements for CDCVM, the payment will be authorized without any additional interaction with the user. The FIDO Alliance also sees the potential for this capability to be extended to use cases beyond payments, including for VPN access, rights managements and workflow management.

W3C Strategy Lead Wendy Seltzer commented, "W3C is pleased to support this FIDO Alliance extension as yet another example of the growing and vibrant authentication ecosystem enabled through our Web Authentication API, currently under development by the WebAuthn Working Group."

Brett McDowell made this announcement this morning at Money20/20, being held this week through Oct. 26 in Las Vegas. Attendees looking to learn more about the FIDO Alliance's efforts to help the financial services industry deploy stronger, simpler authentication should stop by the FIDO Ecosystem Pavilion on the show floor, booth #2843. 

Comments: (0)

Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
visit www.solutions.lexisnexis.comvisit https://www.niceactimize.comvisit www.aciworldwide.com

Top topics

Most viewed Most shared
Sepa instant payments goes liveSepa instant payments goes live
10965 views comments | 46 tweets | 79 linkedin
ING brings data privacy to blockchain transactionsING brings data privacy to blockchain tran...
9529 views comments | 25 tweets | 37 linkedin
hands typing furiouslyHow Fintech Companies are disrupting the C...
8197 views 0 | 20 tweets | 9 linkedin
Axis Bank uses Ripple to open new payment corridors between the UAE and SingaporeAxis Bank uses Ripple to open new payment...
8120 views comments | 8 tweets | 22 linkedin
UK Open Banking expanded to cover all PSD2 productsUK Open Banking expanded to cover all PSD2...
7800 views comments | 21 tweets | 47 linkedin

Featured job

Competitive base, double ote, benefits
London, UK

Find your next job