The latest in browser privacy requirements, quantum computing and wireless payments are just a few of the topics discussed at the EMVCo Technical Associates Meeting in Austin. In this post, Arman Aygen, Director of Technology at EMVCo, provides insight into key highlights from the meeting.
1. Impact of browser privacy requirements on payments
Browser privacy requirements affect how consumer data is used throughout the transaction process.
Guest speaker Ian Jacobs from the World Wide Web Consortium discussed the latest changes to browser privacy requirements and the impact to online payments, including increased friction and challenge rates. Highlighting the organisation’s joint initiative with FIDO Alliance and EMVCo on Web Payment Security, he talked about how the organisations are working together to promote consumer privacy while ensuring convenient and seamless e-commerce checkout experiences.
The Web Payment Security Interest Group has just released an updated version of a document that explores how EMVCo, FIDO and W3C technologies can be used together to support merchant efforts to protect user privacy, fight fraud and meet regulatory requirements, while helping to reduce costs and streamline the online payment process.
2. New guidance on wireless payments
Using wireless technology, payments can be made without the payment device (e.g., a smartphone) being in immediate proximity to the payment terminal. This increased interaction distance can enable a more flexible and convenient payment experience for both merchants and consumers. At the meeting EMVCo announced plans to release a whitepaper in 2023 that explores data and security considerations for specific wireless payments use cases.
The whitepaper is being developed by the EMVCo Wireless Task Force. The task force was established to address feedback from EMVCo Associates requesting guidance on if and how EMV® Specifications should address the use of wireless technologies for face-to-face payments.
3. Quantum computing and EMV Chip cryptography
The Security Working Group discussed the latest developments in quantum computing, and its potential impact on cryptography. EMV Chip uses cryptography for real-time payment authorisation and terminal PIN protection. This is different to some other users of cryptography, who need information protected now to remain confidential for many years and survive the arrival of quantum
computing. Based on this, and what is currently known about quantum computing, EMVCo does not consider it a threat to EMV chip cryptography.
EMVCo is engaged with the efforts led by NIST on quantum-resistant cryptography and will assess the output for consideration in future versions of EMV Chip Specifications.
4. Mobile payments milestone
Recently, EMVCo issued its 100th Security Evaluation Certificate for Software-Based Mobile Payments (SBMP) solutions.
This reflects significant industry uptake from leading device manufacturers and product vendors to demonstrate the security of their solutions through a globally recognised programme, simplifying the deployment of safe and secure mobile wallet solutions.
The discussions at the meetings highlighted this milestone and provided updates on the future activities surrounding EMVCo’s approval and evaluation processes, which continue to promote trust and confidence across the global payments ecosystem.
by Carey Ferro
by Brian Byrne