EMVCo, FIDO seeking stronger authentication

Payments industry leaders are optimistic that a new collaboration between EMVCo and the Fast IDentity Online (FIDO) Alliance, disclosed in July 2016, will help facilitate widespread adoption of biometric authentication schemes. The two global bodies entered into a memorandum of understanding designed to help simplify mobile payments authentication methods to mitigate online fraud without complicating the user experience.

"The payments community wants consumers to benefit from the simplicity of device-based authentication, which could be a fingerprint or facial recognition, for example," said Jonathan Main, EMVCo Board of Managers Chair. Main noted that advanced forms of authentication are not depended on Internet connectivity; cardholders can verify themselves even when their devices are not connected to a network.

"This initiative, therefore, enables us to effectively combine EMVCo's payment industry knowledge with the FIDO Alliance's authentication expertise to deliver cardholder verification that is convenient for the user, sustainable for the marketplace and most important, highly secure, thereby reducing consumer fraud in the mobile payment space," Main said.

Collectively owned by American Express Co., Discover Financial Services, JCB International Credit Card Co. Ltd., Mastercard, China UnionPay and Visa Inc., EMVCo manages EMV (Europay, Mastercard and Visa) specifications, adapting when necessary in response to regional regulations.

EMVCo Associates work closely with the global body's business and technical teams to create flexible and sustainable standards that stand the test of time. Members include payment card issuers, acquirers, networks, merchants, manufacturers, technology providers and testing laboratories from numerous countries. Any payments industry stakeholder may subscribe to receive EMVCo updates, which include advance notifications of new developments and draft documents.

Leveraging personal identifiers

Formed in July 2012, the FIDO Alliance is committed to developing strong, interoperable authentication technologies to eliminate the need for users to create and memorize multiple usernames and passwords. The global body is focused on changing the nature of authentication through standards that simplify and strengthen authentication within an open, scalable, interoperable framework. The many forms of FIDO authentication share common attributes of heightened security, privacy, and simplified user interfaces for authenticating users of online services.

FIDO Alliance members include Aetna Inc., Alibaba Holdings, American Express Co., ARM Holdings, Bank of America Corp., BC Card, CrucialTec, Daon, Egis, Google Inc., Intel, ING, Infineon Technologies AG, Lenovo, Mastercard, Microsoft, Nok Nok Labs Inc., NTT DOCOMO Inc., NXP Semiconductors N.V., Oberthur Technologies OT, PayPal, QualComm Inc., Samsung Electronics Ltd., Synaptics, USAA, VASCO Data Security International Inc., Visa Inc. and Yubico. "FIDO standards, solely focused on authentication, were designed to complement other technical body efforts," said Brett McDowell, Executive Director of the FIDO Alliance. "This partnership with EMVCo is a prime example of how industry bodies can work with the FIDO Alliance to use simpler, stronger FIDO authentication to fulfil their own requirements.

"With the growing use of EMV mobile payment, there is a real need for cardholder verification that is highly secure but unobtrusive for consumers. FIDO standards address that need, and this joint work with EMVCo has the potential to accelerate the global adoption of mobile authentication standards within the payments community."

Selfie 2.0

One popular form of biometric authentication is the selfie photo, a common feature on numerous smartphones and feature phones. End users can use the method to verify their identities when logging into to websites from mobile devices. EyeVerify, a FIDO Alliance member, has registered millions of users to its mobile app Eyeprint ID. The app is designed to securely open mobile devices, log into websites and apps and protect mobile payments. The company also provides a software development kit to enable developers to integrate the biometric with third-party applications.

The company mentioned the following additional benefits of its biometric technology:

• Enhanced security and convenience: Eyeprints are embedded into mobile devices, protecting them from theft and loss. Each ID is unique to the user, and verification takes less than a second. User data never leaves the device and is further protected by high-entropy encryption.

• Software-only, smartphone authentication: The Eyeprints software solution is not dependent on specific hardware devices and can be integrated into new or replaced iOS and Android hardware.

• Patented Eyeprint technology: Eyeprint patented technology uses eye veins and other distinct features of the human eye to create a unique user ID.

• Stability and longevity: Eyeprints remain consistent from year to year, unlike other parts of the human body. The biometric works with or without glasses, and in low and high lighting.

• Freedom from passwords: Eyeprint ID is accessible on mobile devices and eliminates the need for passwords, which are becoming obsolete in many applications.

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.