Source: FIDO Alliance
EMVCo, the global technical body that manages the EMV Specifications, and the FIDO Alliance, an industry consortium developing open, interoperable authentication standards, have expanded their collaboration to include a work item to define in detail how EMV 3-D Secure (3DS) messages may be used to pass FIDO authenticator attestation data and signatures in a manner that is both scalable and interoperable across the EMV payments ecosystem.
This work builds upon the pre-existing liaison relationship between the organisations. The initial collaboration focused on how FIDO’s authentication protocol can be used to support EMVCo’s cardholder verification technology, leading to User Verification Caching (UVC) extensions of the FIDO specifications. UVC allows an app to specify user caching time -- i.e., how long a user who has already been verified by his/her authenticator can wait before being required to re-authenticate.
“The EMV 3DS Specification promotes more secure, consistent consumer e-commerce transactions across browser and in-app channels, while optimising the cardholder’s experience,” comments Cheryl Mish, EMVCo Board of Managers Chair. “Incorporating support for the FIDO Authentication protocol will provide stronger authentication, enhance transaction security and provide a more convenient and simpler authentication experience for cardholders. Our expanded collaboration with FIDO will support EMVCo’s efforts to deliver a consistent and more secure global solution that will be less likely to compromise user experience.”
“FIDO’s approach to modern authentication has taken root in devices around the world, and we’re happy to work with EMVCo to further expand this paradigm into the EMV payments arena,” said Brett McDowell, executive director of FIDO Alliance. “By ensuring interoperability of privacy-respecting authentication metadata between merchants, payment service providers, and banks in a 3DS transaction, fraud risk is reduced whenever FIDO Certified devices are used.”