FIDO, EMVCo Prep for Pay-by-Selfie Era

FIDO, EMVCo Prep for Pay-by-Selfie Era

As things like pay-by-selfie hit the commercial market, the FIDO Alliance and card issuer consortium EMVCo have decided to align their efforts to produce a new mobile payment specification.

The two groups announced at Money20/20 that they will work to add convenience and security to in-store and in-app EMV-compliant mobile payments. The spec is an extension to the Web Authentication specification already in development by the World Wide Web Consortium (W3C), which will enable FIDO strong authentication across all web browsers and related web platform infrastructure.

For one, FIDO is developing new specifications based on EMVCo use cases that will provide a standard way for mobile wallet providers and payment application developers to support Consumer Device Cardholder Verification Method (CDCVM). That move will make it easier for consumers to use on-device FIDO Certified authenticators—such as a fingerprint or selfie biometrics—to securely verify their presence when making an in-store or in-app mobile payment.

"Today, mobile wallet providers and payment application developers need to custom-build support for CDCVM across mobile devices,” explained Brett McDowell, executive director of the FIDO Alliance. “This is a huge challenge given the fragmentation in the mobile ecosystem. There are more than a thousand manufacturers for Android alone.”

The new specification will also provide mobile payment applications with additional risk management information, ultimately reducing the number of times that a consumer needs to authenticate themselves in order to approve a payment within a given time period.

"This new specification will enable mobile payment stakeholders to FIDO-enable their applications and get the added benefit of built-in support for CDCVM on every FIDO-compliant mobile device,” McDowell said. “The mobile industry is rapidly adopting FIDO authentication, with FIDO Certified solutions already available on flagship mobile devices from six of the top 10 mobile handset manufacturers."

Wendy Seltzer, W3C strategy lead, added, "W3C is pleased to support this FIDO Alliance extension as yet another example of the growing and vibrant authentication ecosystem enabled through our Web Authentication API, currently under development by the WebAuthn Working Group."

Photo © VGstockstudio

Source: Information Security Magazine