EMVCo collaborates with FIDO Alliance and PCI to improve remote payment standardisation

  • FIDO Developing mPayment Standard with EMVCo

  • FIDO aim to support CDCVM with authentication standard

  • EMVCo and PCI partner on payment authentication

  • Collaboration to support launch 3DS 2.0

Sources: FindBiometrics; Business Insider

 

 

Point of View

At the recent Money2020 show in Las Vegas, the FIDO Alliance announced working with EMVCo on the development of a new standard to incorporate EMVCo’s consumer device cardholder verification method (CDCVM) into its authentication suite. FIDO standards are recognised within World Wide Web Consortium (W3C) as an extension to their standards for authentication. With good traction across vendors, this initiative should bring together representatives of the organisations that are in a position to specify what technologies compromise interoperable and secure remote payments.

 

In a separate development, EMVCo and PCI have announced that their security teams will be working together to improve testing and certification of solutions for the new version of 3D Secure 2.0 (3DS 2.0). As 3DS 2.0 is a more complex architecture for a merchant, splitting the merchant plug-in into client and server components, and clearer testing and certification is desirable.

 

It is not entirely clear the relationship the above announcements have with another key standardisation effort being undertaken by W3C. The W3C Payments Working Group have undertaking to develop standards that allow different types of remote payments to be supported through a common payments API, which, if adopted, will be available in all compliant browsers and web infrastructure. However, the stated aims of the group are to support all types of payment (from cards to bitcoin) and so it is expected that the complexity of a payment and its authentication methods will be abstracted to allow it to be incorporated. This group is in relatively early stages, with an early draft of the standard available.

 

 

Implications

FIDO Alliance, W3C and EMVCo represent the key standards bodies from the different communities of payments, browsers and device vendors. Recognising and building on each others work has the potential to address fragmentation, across consumer devices and merchant server software, and bring interoperable secure remote payments solutions to market. And, by working with PCI and FIDO Alliance, EMVCo can improve the certification of remote authentication and payment solutions and help remove uncertainty from deployments.

 

These initiatives promise interoperable in-app and in-browser remote payments that are as secure as card present payments, with the convenience and engagement of mobile or other consumer-owned device. Over time, these developments should help to address the rise of card-not-present (CNP) fraud and allow remote payments to extend in-store, giving merchants new ways to service customers.

 

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

Please reload

Consumer
Centric
Technology and Innovation
Policy and 
Regulation
ARCHIVES
Please reload

Disclaimer

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

Copyright © 2017 AusPayNet. All rights reserved.  

Read full Terms of Use

Privacy Statement