EMVCo, the global payment specification body, and the FIDO Alliance, an industry consortium developing open, interoperable authentication standards, have announced they will collaborate and review how FIDO authentication standards can support EMV® payment use cases. A key aim of the initiative is to investigate providing simpler and stronger authentication for cardholders making mobile payments using on-device authenticators, such as biometrics, thereby reducing consumer fraud globally while maintaining a good consumer experience.
A Memorandum of Understanding (MoU) has been signed by the two bodies to guide evaluation and determine how and when payment use cases provided by EMVCo could be incorporated into FIDO Alliance’s technical standards. Initial activities will explore how FIDO’s authentication protocol can be used to support EMVCo’s cardholder verification technology. The outcome of this discovery process will then shape any combined future work efforts.
Jonathan Main, EMVCo Board of Managers Chair, comments: “The payments community wants consumers to benefit from the simplicity of device-based authentication, which could be a fingerprint or facial recognition, for example. As the cardholder’s credentials are stored and processed on the mobile device, it means that the cardholder can be verified even if the device is not connected to a network. This initiative, therefore, enables us to effectively combine EMVCo’s payment industry knowledge with the FIDO Alliance’s authentication expertise to deliver cardholder verification that is convenient for the user, sustainable for the marketplace and most important, highly secure, thereby reducing consumer fraud in the mobile payment space.”
“FIDO standards, solely focused on authentication, were designed to complement other technical body efforts. This partnership with EMVCo is a prime example of how industry bodies can work with the FIDO Alliance to use simpler, stronger FIDO authentication to fulfil their own requirements,” said Brett McDowell, Executive Director of the FIDO Alliance. “With the growing use of EMV mobile payment, there is a real need for cardholder verification that is highly secure but unobtrusive for consumers. FIDO standards address that need, and this joint work with EMVCo has the potential to accelerate the global adoption of mobile authentication standards within the payments community.”
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.
EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are designed to be flexible and can be adapted regionally to meet national payment requirements and accommodate local regulations. EMVCo makes the EMV Specifications available on a royalty-free basis to all industry participants and to the public.
EMVCo is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications. To provide all payment stakeholders with a platform to engage in its strategic and technical direction, the EMVCo Associates Programme receives significant input from its Business and Technical Associates, which consist of industry participants including issuers, acquirers, payment networks, merchants, manufacturers, technology providers and testing laboratories from numerous countries. Any interested party is able to join EMVCo’s Subscriber Service, which provides access to advance information regarding new developments and draft documents, and the opportunity to provide feedback and input on the work of EMVCo.
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The FIDO Alliance Board of Directors includes leading global organizations: Aetna, Inc. (NYSE: AET); Alibaba Holdings (NYSE: BABA); American Express (NYSE: AXP); ARM Holdings plc (LSE: ARM and NASDAQ: ARMH); Bank of America Corporation (NYSE:BAC); BC Card; CrucialTec (KRX: 114120); Daon; Egis; Google (NASDAQ: GOOG); Intel (NASDAQ: INTC); ING (NYSE: ING); Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY); Lenovo (NASDAQ: LNVGY); MasterCard (NYSE: MA); Microsoft (Nasdaq "MSFT"); Nok Nok Labs, Inc.; NTT DOCOMO, INC. (NYSE: DCM); NXP Semiconductors N.V. (NASDAQ:NXPI); Oberthur Technologies OT; PayPal (NASDAQ:PYPL); Qualcomm, Inc. (Nasdaq: QCOM); RSA®; Samsung Electronics, Ltd (KOSCOM: SECL); Synaptics (NASDAQ: SYNA); USAA; VASCO Data Security International, Inc. (NASDAQ: VDSI); Visa Inc. (NYSE: V); Yubico.