WebAuthn and SPC

Business Overview

Secure Payment Confirmation (SPC) is a proposed web standard that allows customers to authenticate with their card issuer, bank, or other payment service provider using a platform authenticator:

Touch ID / Face ID on a macOS device

Windows Hello on a Windows device

SPC is designed to enable streamlined SCA for the purpose of completing online payment transactions. It enables a consistent authentication experience across websites/Merchants and provides cryptographic evidence that the Cardholder has accepted the terms of the transaction. These terms include the Merchant details, the payment instrument, and the total amount of the transaction. When a Merchant or Issuer invokes the SPC API, the Browser displays the elements of the transaction in a secure modal window, and the Cardholder is asked to verify as illustrated below.

WebAuthn User Experience

Technical Features

Overview

SPC is built upon WebAuthn and designed specifically for payment purposes. As WebAuthn credentials are registered for specific domains, these credentials cannot be used to authenticate on unregistered sites that may be impersonating a Merchant. This feature makes WebAuthn effective against phishing attacks. SPC is available for browsers built using Chromium software (such as Microsoft Edge or Google Chrome).
SPC adds a payment information layer on top of WebAuthn enabling the card issuer or bank to provide a consistent payment experience. Once a payer registers an authenticator with the Relying Party, it can be used to authenticate on different Merchant sites. The Relying Party can also choose to use the payment credential as a regular WebAuthn credential.

Preconditions

The ACS has an enrolled FIDO Authenticator on the device for the Cardholder.
The 3DS Requestor and/or the ACS have detected that the Cardholder Browser supports the related SPC APIs (allow=”payment *; publickey-credentials-get *”). For the ACS, this information can be obtained via the Browser User-Agent data element or via data obtained using the 3DS Method.

Data Element/ Field Name	Description	Version
3DS Requestor Authentication Information	Information about how the 3DS Requestor authenticated the Cardholder before or during the transaction.	2.3.1
3DS Requestor Prior Transaction Authentication Information	Information about how the 3DS Requestor authenticated the Cardholder as part of a previous 3DS transaction.	2.3.1
3DS Requestor SPC Support	Indicate if the 3DS Requestor supports the SPC authentication. Note: If present, this field contains the value Y.	2.3.1
ACS Information Indicator	Provides additional information for a particular Protocol Version to the 3DS Server. The element lists all applicable values for the card range. Example: { “acsInfoInd”:[“01″,”02″,”03″,”04”,“05”,”06″,”07″] }	2.3.1
Authentication Method	Indicates the list of authentication types the Issuer will use to challenge the Cardholder, when in the ARes message or what was used by the ACS when in the RReq message. Note: For 03-3RI, only present for Decoupled Authentication.	2.3.1
SPC Transaction Data	Information that the 3DS Requestor passes in the SPC API for display in the Smart Modal Window.	2.3.1
Transaction Status	Indicates whether a transaction qualifies as an authenticated transaction or account verification. The Final CRes message can only contain a value of Y or N or D. Transaction Status = C or S is not allowed for Device Channel = 3RI.	2.3.1
WebAuthn Credential List	List of credential IDs registered for the Cardholder Account Number.	2.3.1

Data Element/
Field Name

Description

Version

3DS Requestor Authentication Information

Information about how the 3DS Requestor authenticated the Cardholder before or during the transaction.

2.3.1

3DS Requestor Prior Transaction Authentication Information

Information about how the 3DS Requestor authenticated the Cardholder as part of a previous 3DS transaction.

2.3.1

3DS Requestor SPC Support

Indicate if the 3DS Requestor supports the SPC authentication.

Note: If present, this field contains the value Y.

2.3.1

ACS Information Indicator

Provides additional information for a particular Protocol Version to the 3DS Server. The element lists all applicable values for the card range.
Example:
{
“acsInfoInd”:[“01″,”02″,”03″,”04”,“05”,”06″,”07″]
}

2.3.1

Authentication Method

Indicates the list of authentication types the Issuer will use to challenge the Cardholder, when in the ARes message or what was used by the ACS when in the RReq message.

Note: For 03-3RI, only present for Decoupled Authentication.

2.3.1

SPC Transaction Data

Information that the 3DS Requestor passes in the SPC API for display in the Smart Modal Window.

2.3.1

Transaction Status

Indicates whether a transaction qualifies as an authenticated transaction or account verification.

The Final CRes message can only contain a value of Y or N or D.

Transaction Status = C or S is not allowed for Device Channel = 3RI.

2.3.1

WebAuthn Credential List

List of credential IDs registered for the Cardholder Account Number.

2.3.1

Data Element/ Field Name	Description	Version
Additional Data	For SPC API enhancement, to be defined in a future 3DS specification release	2.3.1
Challenge	Random string generated by the ACS to prevent replay attacks.	2.3.1
Challenge Information Text	Text provided by the ACS to be displayed during the SPC authentication.	2.3.1
Currency	Transaction amount currency to be displayed during the SPC authentication	2.3.1
Display Name	Card or product name (Payment Instrument) to be displayed during the SPC authentication.	2.3.1
Icon	Card image (Payment Instrument) URL or Data URL to be displayed during the SPC authentication.	2.3.1
Issuer Image SPC	Issuer logo or Image URLs or Data URLs to be displayed during the SPC authentication. Includes at minimum the Default Image and at maximum the three Fully Qualified URLs or Data URLs defined as default, dark mode or monochrome images of the Issuer Image SPC. Default Image Field Name: default Dark Mode Image Field Name: dark Monochrome Image Field Name: monochrome Example Fully Qualified URL: “issuerImageSpc”:{ “default”:”https://acs.com/defaultspcimage.png”} Example Data URL: “issuerImageSpc”:{ “default”:”data:image/png;base64,iVBORw0KGgoAA…”}	2.3.1
Payee Name	The display name of the payee that this SPC call is for (e.g., the Merchant). Matches the Merchant Name from the AReq message.	2.3.1
Payee Origin	The origin of the payee that this SPC call is for (e.g. the Merchant). Matches the Payee Origin from the AReq message.	2.3.1
Payment System Image SPC	Payment System logo or Image URLs to be displayed during the SPC authentication. Includes at minimum the Default Image and at maximum the three Fully Qualified URLs defined as default, dark mode or monochrome images of the Payment System Image SPC. Default Image Field Name: default Dark Mode Image Field Name: dark Monochrome Image Field Name: monochrome Example Fully Qualified URL: “psImageSpc”:{ “default”:”https://ds.com/defaultspcimage.png”} Example Data URL: “psImageSpc”:{ “default”:”data:image/png;base64,c2RzYWRhc2Q…”}	2.3.1
Timeout	The number of milliseconds before the request to sign the transaction details times out.	2.3.1
Value	Transaction amount as a decimal value to be displayed during the SPC authentication.	2.3.1
WebAuthn SPC Extension Indicator	For SPC and WebAuthn API enhancement.	2.3.1

Data Element/
Field Name

Description

Version

Additional Data

For SPC API enhancement, to be defined in a future 3DS specification release

2.3.1

Challenge

Random string generated by the ACS to prevent replay attacks.

2.3.1

Challenge Information Text

Text provided by the ACS to be displayed during the SPC authentication.

2.3.1

Currency

Transaction amount currency to be displayed during the SPC authentication

2.3.1

Display Name

Card or product name (Payment Instrument) to be displayed during the SPC authentication.

2.3.1

Icon

Card image (Payment Instrument) URL or Data URL to be displayed during the SPC authentication.

2.3.1

Issuer Image SPC

Issuer logo or Image URLs or Data URLs to be displayed during the SPC authentication.

Includes at minimum the Default Image and at maximum the three Fully Qualified URLs or Data URLs defined as default, dark mode or monochrome images of the Issuer Image SPC.

Default Image
Field Name: default
Dark Mode Image
Field Name: dark
Monochrome Image
Field Name: monochrome

Example Fully Qualified URL:
“issuerImageSpc”:{
“default”:”https://acs.com/defaultspcimage.png”}

Example Data URL:
“issuerImageSpc”:{ “default”:”data:image/png;base64,iVBORw0KGgoAA…”}

2.3.1

Payee Name

The display name of the payee that this SPC call is for (e.g., the Merchant).
Matches the Merchant Name from the AReq message.

2.3.1

Payee Origin

The origin of the payee that this SPC call is for (e.g. the Merchant).
Matches the Payee Origin from the AReq message.

2.3.1

Payment System Image SPC

Payment System logo or Image URLs to be displayed during the SPC authentication.

Includes at minimum the Default Image and at maximum the three Fully Qualified URLs defined as default, dark mode or monochrome images of the Payment System Image SPC.

Default Image
Field Name: default
Dark Mode Image
Field Name: dark
Monochrome Image
Field Name: monochrome

Example Fully Qualified URL:
“psImageSpc”:{
“default”:”https://ds.com/defaultspcimage.png”}

Example Data URL:
“psImageSpc”:{
“default”:”data:image/png;base64,c2RzYWRhc2Q…”}

2.3.1

Timeout

The number of milliseconds before the request to sign the transaction details times out.

2.3.1

Value

Transaction amount as a decimal value to be displayed during the SPC authentication.

2.3.1

WebAuthn SPC Extension Indicator

For SPC and WebAuthn API enhancement.

2.3.1

Issuer-Initiated SPC Flow

Overview

When the ACS initiates and performs an SPC authentication as part of a challenge, the steps are identical to a standard Browser flow, where SPC authentication is used instead of the other 3DS challenge methods. This section outlines some of the details and values for specific steps when an ACS performs an SPC authentication as part of the Challenge Flow.

EMVCo TERMS OF USE

Last Updated: April 17, 2020

Welcome to EMVCo. By accessing or using the EMVCo website at www.emvco.com (“Site“) or any Site Materials, whether or not you obtained them via the Site, you agree to the following Terms of Use on behalf of yourself individually and the company or organization for which you are using the Site or Site Materials (“Organization“). If you do not agree to the following Terms of Use, do not use the Site or other Site Materials.

In these Terms of Use, “Site Materials” means all email messages sent to you by EMVCo in connection with your registration on the Site or participation in an EMVCo participation program, and all content, files and other materials that are available for viewing or download on the Site, including the EMV^® Specifications, requirements, guidelines, white papers or other documents, APIs, SDKs, software, scripts, code, trademarks, videos, text, graphics, pictures, information, and other materials.

You represent that either (a) you are an authorized representative of your Organization with authority to bind your Organization to these Terms of Use, in which case the term “you” refers collectively to both you individually and your Organization, or (b) you are not authorized to bind any Organization to these Terms of Use and are using the Site or Site Materials solely in your personal capacity, in which case the term “you” refers to you individually. EMVCo, LLC (“EMVCo“) reserves the right to modify or replace these Terms of Use at any time and in EMVCo’s sole discretion.

EMVCo will indicate at the top of these Terms of Use the date such document was last updated. Any changes will be effective immediately upon posting the revised version on the Site (or such later effective date as may be indicated at the top of the revised Terms of Use). Your continued use of the Site or Site Materials following the posting of any changes to these Terms of Use will constitute your acceptance of such changes. If you do not agree to the changes, you must stop using the Site and Site Materials. In addition, EMVCo may provide other methods by which you may accept or receive notice of these Terms of Use or changes to these Terms of Use.

Privacy Policy. Please refer to our Privacy Policy for information on how EMVCo collects, uses and discloses personal information.
Terms of Sale; Participation Programs. Except as otherwise stated on the Site, all sales transactions on the Site are governed by EMVCo’s Terms of Sale. Your participation in EMVCo’s participation programs (such as the EMVCo Subscriber Programme or EMVCo Associates Programme) is governed by the applicable EMVCo agreement presented at registration for the program.
Acceptable Use. As a condition of using the Site, you agree not to do any of the following:
1. use the Site or Site Materials in violation of applicable law or in a manner that facilitates or furthers the violation of applicable law;
2. use the Site or Site Materials in a way that harms EMVCo or EMVCo’s members, affiliates or vendors, or other users of the Site;
3. use any portion of the Site as a destination linked from any unsolicited bulk messages or unsolicited commercial messages (such as “spam”);
4. use or access, or attempt to use or access, any EMVCo account that is not yours;
5. damage, disable, overburden or impair the Site (or the network(s) connected to the Site) or otherwise interfere with anyone’s use and enjoyment of the Site;
6. attempt to reverse-engineer or otherwise discover or recreate any part of the Site or Site Materials (including any code, technology or methodology used in connection with the Site);
7. except as otherwise may be authorized by EMVCo in a separate document, resell or redistribute the Site or Site Materials or any part of the Site or Site Materials, or otherwise use the Site or Site Materials for any purpose other than your own internal business use;
8. use the Site (including any Site Materials) other than for its intended purpose.
License to Site, Site Materials and Intellectual Property Associated with Compliance with Specifications. The Site Materials are the proprietary property of EMVCo or its licensors. EMVCo hereby grants to you a perpetual, worldwide, nonexclusive, nontransferable, royalty-free, paid-up license (without the right to sublicense) to:
1. reproduce Site Material documents and files that are specifically made available on the Site for the general public to download without a Subscriber or Associate account (“Public Documents”), and share such Public Documents internally within your Organization, provided that any copyright notices on each page of Public Document reproductions are reproduced in full and that you agree to comply with all such notices;
2. prepare translations of the Public Documents into your local language(s) solely for internal use within your Organization, without distribution to third parties;
3. in the past and future, make (including have made), use, sell, offer to sell and/or import integrated circuit cards, terminals, applications and systems that practice, in whole or in part, any final (non-draft) version of the EMV Specifications; and
4. modify, use, and incorporate into your EMV Products any final (non-draft) API, SDK, software, scripts and other code that are specifically described by EMVCo as being provided for such incorporation.
In these Terms of Use, “EMV Products” means products or services that are designed to comply with the EMV Specifications. The foregoing license applies retroactively to include activities prior to the date you agreed to these Terms of Use, but is granted solely under the intellectual property rights that EMVCo owns or has the right to license. To the extent the foregoing license includes rights to a third party’s patents, the license is limited to those patents or patent claims that would be necessarily infringed by an entity implementing the mandatory or optional requirements of the EMV Specifications.
License Conditions. The license granted in Section 4 is subject to your compliance with these Terms of Use. Except as expressly provided in the foregoing license grant, such license excludes: (a) any resale of the Site or any Site Materials; (b) any distribution, public performance or public display of any Site Materials; (c) modifying or otherwise making any derivative uses of the Site or any Site Materials; (d) use of any data mining, robots or similar data gathering or extraction, automated account registration, or account utilization methods; (e) downloading (other than the page caching) of any portion of the Site, the Site Materials or any information contained therein; or (f) trademarks on the Site. Any translation of the Site Materials must include the following (or a substantially similar notice) prominently on the cover page of each copy of a translation (with “[Organization]” being replaced with the name of your Organization:
- This is an unofficial translation for [Organization] internal use only. Do not distribute outside [Organization]. EMVCo is not responsible for this translation. Only documents published by EMVCo are the official versions for EMV testing and approval. EMVCo reserves all rights.
And after the cover page of each copy of a translation, the following (or a substantially similar notice) must be printed:
- Unofficial translation for [Organization] internal use only. EMVCo is not responsible for this translation
Notwithstanding the foregoing, the Public Documents may be subject to a separate agreement you may have with EMVCo or to supplemental terms and conditions that are included in or accompany Public Documents, in which case you agree that such separate agreement or supplemental terms and conditions will apply to your use of the Public Documents. Any use of the Site or Site Materials other than as specifically authorized herein (or in such separate agreement or supplemental terms and conditions) is strictly prohibited and will automatically terminate the foregoing license without notice.
Trademarks. EMVCo, EMV^®, the EMVCo logo, the EMV Secure Remote Commerce payment icon, the EMV Contactless Marks, the EMV QR Marks, the EMVCo Certification Marks, EMVCo Relationship Marks, and any other product or service name or slogan contained in the Site are trademarks of EMVCo and its licensors and may not be copied, imitated or used, in whole or in part, without the prior written permission of EMVCo or the applicable trademark holder. Use of any EMVCo trademarks is subject to the trademark license agreement(s) you may have with EMVCo and your compliance with any applicable EMVCo trademark usage guidelines. You may not use any metatags or any other “hidden text” utilizing “EMVCo,” “EMV” or any other name, trademark or product or service name of EMVCo without our prior written permission. In addition, the look and feel of the Site, including all page headers, graphics, button icons and scripts, is the service mark, trademark or trade dress of EMVCo and its licensors and may not be copied, imitated or used, in whole or in part, without our prior written permission. All other trademarks, registered trademarks, product names and company names or logos mentioned on the Site are the property of their respective owners. Reference to any product vendors, laboratories, auditors, test tools, products, services, processes or other information, whether by trade name, trademark, manufacturer, supplier or otherwise, does not constitute or imply endorsement, sponsorship or recommendation thereof by EMVCo.
Framing and Hyperlinks. You may not frame or utilize framing techniques to enclose any EMVCo trademark, logo or other Site Materials, including the images found at the Site, the content of any text or the layout/design of any page or form contained on a page on the Site, without EMVCo’s written consent. EMVCo makes no claim or representation regarding, and accepts no responsibility for, the quality, content, nature or reliability of third-party Web sites accessible by hyperlink from the Site or of Web sites linking to the Site. Such sites are not under the control of EMVCo and EMVCo is not responsible for the contents of any linked site or any link contained in a linked site, or any review, changes or updates to such sites. EMVCo provides these links to you only as a convenience, and the inclusion of any link does not imply affiliation, endorsement or adoption by EMVCo of any site or any information contained therein. When you leave the Site, you should be aware that our terms and policies no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any site to which you navigate from the Site.
Submissions. You agree that any idea, method, concept, invention, suggestion, design, technology, information, process, formula, software, technique, drawings, data, know how, or other item or material which is provided by you (including your Organization or any other employee or representative of your Organization) to EMVCo regarding the Site, Site Materials (including without limitation any EMV Specifications (defined below)), other documents and materials of EMVCo, any EMVCo-related technologies and approval processes, or other offerings of EMVCo or its affiliates in the form of email or through a web form on the Site (“Submissions”) are non-confidential. You agree to grant, and hereby grant, to EMVCo a perpetual, worldwide, nonexclusive, royalty-free, fully sublicensable and irrevocable license to all intellectual property and proprietary rights in any Submissions to (a) make, have made, use, sell, offer for sale, and import integrated circuit cards, terminals, applications, test tools, systems, services and other items that practice, in whole or in part, the EMV^® Specifications, and (b) use, reproduce, distribute, prepare derivative works of, publicly perform or display, and otherwise fully exploit any Submissions and any intellectual property and proprietary rights therein. Further, you agree to waive and forego asserting any moral rights you may have in the Submissions. By submitting a Submission to EMVCo, you represent and warrant that you have authority to provide such Submission to EMVCo and grant the rights to the Submission granted herein, and that doing so does not and will not constitute the infringement or misappropriation of the trade secrets or other confidential information of your Organization or any third party. You agree to execute such documents and otherwise provide such reasonable assistance, and to cause your affiliates to execute and provide such assistance, as is necessary to give full force and effect to this paragraph. As used herein, “EMV^® Specifications” means any and all existing and future specifications developed or issued by or on behalf of EMVCo, all technical bulletins to such specifications, and any related requirements documents, process documents, guidelines, and related materials. EMV^® Specifications are included in the definition of Site Materials.
Disclosure and Use of Information about Site Users. Although it is not EMVCo’s preference to provide governmental authorities with access to information about Site users, you acknowledge that EMVCo may be required to do so from time to time. As such, you authorize EMVCo to deliver or furnish any information about your use of the Site and such other information in connection with your use of the Site, to such governmental authorities as may order or demand the same, with or without notice to you.
Indemnification. You will defend and indemnify EMVCo, its affiliates, independent contractors and service providers, and each of their respective members, directors, officers, employees and agents (“EMVCo Parties”), from and against all claims, damages, costs, liabilities and expenses (including reasonable attorneys’ fees) arising out of or related to your use of, or inability to use, the Site or Site Materials.
Disclaimers. THE SITE AND ALL SITE MATERIALS (INCLUDING THE EMV^® SPECIFICATIONS) AND LICENSES ARE PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTIES OF ANY KIND. EMVCO DOES NOT PROMISE THAT THE SITE OR SITE MATERIALS WILL BE FREE OF INACCURACIES OR ERRORS, OR THAT YOUR USE OF THE SITE OR SITE MATERIALS WILL PROVIDE SPECIFIC RESULTS. EMVCO DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. YOU ARE SOLELY RESPONSIBLE FOR THE ACCURACY OF ANY TRANSLATIONS YOU MAKE.
Limitation of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL ANY OF THE EMVCO PARTIES BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES (INCLUDING LOSS OF PROFITS), WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR RELATING TO THE SITE (INCLUDING ANY SITE MATERIALS), EVEN IF AN EMVCO PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EMVCO PARTIES (WHETHER IN CONTRACT, WARRANTY, TORT, PRODUCT LIABILITY, STRICT LIABILITY OR OTHER THEORY) ARISING OUT OF OR RELATING TO THE SITE OR SITE MATERIALS (INCLUDING THE EMV^® SPECIFICATIONS) EXCEED THE AMOUNT YOU PAID, IF ANY, FOR YOUR USE OF THE SITE DURING THE YEAR BEFORE THE CAUSE OF ACTION AROSE.
Applicable Law and Venue. These Terms of Use and your use of the Site and Site Materials shall be governed by and construed in accordance with the laws of the State of Delaware without resort to its conflict of law provisions. You agree that any action at law or in equity arising out of or relating to the Site, Site Materials or these Terms of Use shall be filed only in the state or federal courts located in Delaware, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such courts over any suit, action or proceeding arising out of or relating to the same.
Export Laws; Use by U.S. Government. The Site Materials, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import laws and regulations in other countries. You agree to comply strictly with all such laws and regulations and acknowledge that you have the responsibility to obtain any licenses or other approvals, if applicable, to export, re-export, or import the Site Materials. The Site Materials may not be downloaded, or otherwise exported or re-exported (i) into, or to a national or resident of, Cuba, Iran, North Korea, Sudan, Syria or any other country subject to a U.S. embargo; (ii) to any person or entity on the U.S. Treasury Department’s Office of Foreign Assets Control’s list of Specially Designated Nationals, or the U.S. Commerce Department’s Bureau of Industry and Security’s Denied Parties, Unverified or Entity Lists; or (iii) for any purpose prohibited by U.S. export control laws (e.g., nuclear, biological, or chemical weapons or missile technology).Use, duplication or disclosure by the United States government is subject to the restrictions as set forth in the Rights in Technical Data and Computer Software Clauses in DFARS 252.227-7013(c) (1) (ii) and FAR 52.227-19(a) through (d) as applicable.
Termination; Modification of Site Materials. EMVCo reserves the right, without notice and in its sole discretion, to terminate your access to the Site or any Site Materials or features on the Site, and to block or prevent your future access to and use of the Site. EMVCo reserves the right, without notice and in its sole discretion, to terminate any license granted to you under these Terms of Use. In addition, EMVCo reserves the right to change, cancel or delete any and all Site Materials, services and features provided as part of the Site at any time, with or without notice to you.
Severability. If any provision of these Terms of Use shall be deemed unlawful, void or for any reason unenforceable, then that provision shall be deemed severable from these Terms of Use and shall not affect the validity and enforceability of any remaining provisions.
Questions. If you have any questions about EMVCo or the Site, please contact us by submitting a Public Comment at Contact Us or a Query (for Subscribers and Associates) at Submit a Query.

Card & Mobile

Acceptance Device

3-D Secure

Security Evaluation

Level 3

For Review

By Technology

By Type

What are EMV^® Specifications?

WebAuthn and SPC

Business Overview

WebAuthn User Experience

Benefits by Actor

Merchant

Issuer

Cardholder

Technical Features

Overview

Preconditions

Merchant-Initiated SPC Flow

Overview

Sequence Diagram

Merchant-Initiated SPC Flow

User Experience

Issuer-Initiated SPC Flow

Overview

Sequence Diagram

User Experience

WebAuthn and SPC

Business Overview

WebAuthn User Experience

Benefits by Actor

Merchant

Issuer

Cardholder

Technical Features

Overview

Preconditions

Merchant-Initiated SPC Flow

Overview

Sequence Diagram

Merchant-Initiated SPC Flow

User Experience

Issuer-Initiated SPC Flow

Overview

Sequence Diagram

User Experience

EMVCo TERMS OF USE

EMVCo Login

Don't have an account?