FIDO Developing mPayment Standard with EMVCo
FIDO aim to support CDCVM with authentication standard
EMVCo and PCI partner on payment authentication
Collaboration to support launch 3DS 2.0
Sources: FindBiometrics; Business Insider
Point of View
At the recent Money2020 show in Las Vegas, the FIDO Alliance announced working with EMVCo on the development of a new standard to incorporate EMVCo’s consumer device cardholder verification method (CDCVM) into its authentication suite. FIDO standards are recognised within World Wide Web Consortium (W3C) as an extension to their standards for authentication. With good traction across vendors, this initiative should bring together representatives of the organisations that are in a position to specify what technologies compromise interoperable and secure remote payments.
In a separate development, EMVCo and PCI have announced that their security teams will be working together to improve testing and certification of solutions for the new version of 3D Secure 2.0 (3DS 2.0). As 3DS 2.0 is a more complex architecture for a merchant, splitting the merchant plug-in into client and server components, and clearer testing and certification is desirable.
It is not entirely clear the relationship the above announcements have with another key standardisation effort being undertaken by W3C. The W3C Payments Working Group have undertaking to develop standards that allow different types of remote payments to be supported through a common payments API, which, if adopted, will be available in all compliant browsers and web infrastructure. However, the stated aims of the group are to support all types of payment (from cards to bitcoin) and so it is expected that the complexity of a payment and its authentication methods will be abstracted to allow it to be incorporated. This group is in relatively early stages, with an early draft of the standard available.
FIDO Alliance, W3C and EMVCo represent the key standards bodies from the different communities of payments, browsers and device vendors. Recognising and building on each others work has the potential to address fragmentation, across consumer devices and merchant server software, and bring interoperable secure remote payments solutions to market. And, by working with PCI and FIDO Alliance, EMVCo can improve the certification of remote authentication and payment solutions and help remove uncertainty from deployments.
These initiatives promise interoperable in-app and in-browser remote payments that are as secure as card present payments, with the convenience and engagement of mobile or other consumer-owned device. Over time, these developments should help to address the rise of card-not-present (CNP) fraud and allow remote payments to extend in-store, giving merchants new ways to service customers.