Use of biometrics for 3-D Secure payments explained in EMVCo and FIDO Alliance paper
Global payments technology body EMVCo has published a white paper to help guide merchants and issuers adopting FIDO authentication via biometrics or physical tokens with the EMV 3-D Secure protocol for reduced friction and fraud in online payments.
The ‘Use of FIDO Data in 3-D Secure Messages’ is a 13-page white paper was developed in collaboration with the FIDO Alliance, and demonstrates how FIDO authentication data can be used to attest that strong customer authentication (SCA) initiated by the merchant has been carried out in EMV payment use cases. The white paper is available for free from EMVCo’s website.
Beginning with explanations of 3-D Secure and the FIDO Alliance and the partnership they formed in 2018, the organizations explain how FIDO authentication standards can support EMV payments to help fight fraud, and how EMV 3DS messages can be used to transmit FIDO authenticator attestation data.
The white paper sets out the six different types of attestation data defined now by the FIDO Alliance. They are the public key, Authenticator Attestation Globally Unique ID (AAGUID) FIDO2 identifier, Authenticator Attestation ID (AAID) UAF, user verification and user presence, which are where biometrics come in, and the flag “UsedForThisTransaction.”
“Outlining exactly how the data can be used by card issuers to analyse merchant-initiated FIDO Authentication as part of their risk evaluations, can increase authorisation approval rates, streamline online checkout and reduce fraud,” comments Junya Tanaka, Chair of the EMVCo Executive Committee. “Analysing the use of FIDO data in EMV 3DS transactions is just the first step in the joint work efforts between EMVCo and FIDO Alliance, and we look forward to continued collaboration to enable consistency, convenience and additional security for EMV payment use cases and beyond.”
FIDO Alliance Executive Director and COO Christina Hulka says the paper and an accompanying technical note from the Alliance direct ecommerce merchants on how to improve security, enhance user experiences, and achiever higher overall approval rates from customers.
The organizations plan to continue their joint efforts.
Apple recently began encouraging developers to begin testing to implement FIDO2 authentication for biometrics or token-based web logins.