For three years, the Fast Identity Online Alliance has focused on replacing static passwords through stronger device authentication technology, with a long-term goal of translating those advancements into payment security as well.
That time has come, and FIDO is working with EMVCo — the global payment specification and standards body for chip-card transactions — to determine how FIDO authentication can support EMV payment use cases.
The two industry consortiums will investigate providing simpler and stronger authentication for cardholders making mobile payments using on-device authenticators such as biometrics to reduce consumer fraud globally. The first step will be exploring how FIDO's authentication protocol can be used to support EMVCo cardholder verification.
“The payments community wants consumers to benefit from the simplicity of device-based authentication, which could be a fingerprint or facial recognition, for example," Jonathan Main, EMVCo board of managers chairman, said in a July 12 press release. "As the cardholder’s credentials are stored and processed on the mobile device, it means that the cardholder can be verified even if the device is not connected to a network."
The initiative effectively combines EMVCo’s payment industry knowledge with FIDO Alliance’s authentication expertise to deliver cardholder verification that is convenient, sustainable for the marketplace and highly secure, he added.
Brett McDowell, executive director of the FIDO Alliance, acknowledged that FIDO standards focused solely on authentication were designed to complement other technical body efforts.
"This partnership with EMVCo is a prime example of how industry bodies can work with the FIDO Alliance" for stronger authentication that doesn't alter the user experience, McDowell said in the release.
EMVCo is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay and Visa, while FIDO Alliance has numerous mobile and security technology members, including Nok Nok Labs and Oberthur Technologies.
In the past year, since establishing its certification for a FIDO-approved standard, the alliance has developed 200 solutions that eliminate traditional passwords.