MasterCard has become the first payment network to join the Fast IDentity Online Alliance, which aims to improve online payment security through the use of common technology across browsers, applications and servers.
The move echoes MasterCard's involvement in a similar initiative with Visa and American Express to replace the use of account numbers with a secure token for online and mobile purchases.
Such partnerships will help the card network "deliver strong security for consumers, merchants and issuers, as well as a great consumer experience," Ed McLaughlin, chief emerging payments officer at MasterCard, says in an emailed statement.
"As consumers continue to interact across smarter devices and new technologies beyond the traditional plastic card, we're committed to continue to deliver simpler, better and more secure payment experiences," he says.
MasterCard's involvement in FIDO is "a signal that payments companies are recognizing the changing times in authentication technology," says industry analyst Todd Ablowitz, president of Centennial, Colo.-based Double Diamond Group, LLC.
However, MasterCard's involvement does not signal its choice of any particular technology. "To read anything more into it is probably premature at this time," he adds.
The alliance may indicate MasterCard's exploration of biometric authentication, according to USA Today, which reported MasterCard's involvement with FIDO on Oct. 2.
Biometric technology has a high priority in FIDO's work, says Sebastien Taveau, chief technology officer for Validity and a founding FIDO Alliance board member.
"In a world of multi-factor authentication and the release of mobile devices with [fingerprint readers], FIDO specifications will certainly enable more biometrics in the marketplace," Taveau states in an e-mail.
Several payments companies have already explored the use of biometrics as an authentication method. Discover began testing fingerprint scanners at its Riverwoods, Ill., headquarters in 2012. Years ago, the now-defunct Solidus Networks deployed its Pay By Touch fingerprint readers at grocery store checkout lanes. And most recently, Apple's iPhone 5s allows consumers to authorize iTunes purchases through its built-in fingerprint sensor.
Apple is not a part of the FIDO Alliance, but Google is. Google, which already adds Near Field Communication chips to its phones and supports NFC in its Google Wallet app, has stated that its Android smartphones will additionally support fingerprint scanning next year, according to the USA Today article.
Ablowitz says the payments industry needs to keep a close eye on how the fingerprint scanners on phones could benefit payments security.
"I use my iPhone 5s every day with my finger on the home button, and it is really beautiful," Ablowitz says. Fingerprint authorization on a phone "feels very convenient," a trait that could change how the payments industry looks at biometrics, he adds.
"A long time ago, consumers were afraid of biometrics, thinking that their fingerprint scan could somehow be sent to someone else," Ablowitz says. "But it is no surprise that technology was put into that model [for phone authorization] on a personal device, and it illustrates that the challenge [in payments] will be in the business model."
Google is a "board level" member of FIDO, alongside PayPal, Blackberry, CrucialTec, Lenovo, Nok Nok Labs, NXP Semiconductors, Validity and Yubico. Numerous other companies make up FIDO's sponsor or associate-level memberships.
Nok Nok Labs currently operates the only fully FIDO-enabled server, enabling authentication through various channels or devices.
FIDO's specifications support numerous authentication technologies, including fingerprint scanners, voice and facial recognition, as well as existing standards such as trusted platform modules, USB security tokens, NFC and one-time passwords.
As such, FIDO specifications are designed to embrace the full scope of strong authentication options and make sure all methods and devices become interoperable under a single framework, Taveau says.
"FIDO specifications ensure that payment providers such as MasterCard have authentication choice and control according to what works best for them to manage their risk and simplify their customers' experience," Taveau says.