Last month, EMVCo Associates gathered in Bangkok, Thailand, to share technical knowledge and expert insights into EMVCo’s specification development activity. In this post, Arman Aygen, EMVCo Director of Technology, shares his three standout discussions centred on how EMVCo is collaborating across the industry to improve the online payments experience.
Ongoing: Optimising the use of FIDO Passkeys during payment authentication
To make payments and cardholder authentication as secure and convenient as possible, we continually seek ways to remove unnecessary friction and address password apathy. A key challenge surrounds the use of traditional passwords. This continues to drive discussions around FIDO Passkeys which allow a user to sign in to apps and websites with the same process that they use to unlock their devices (i.e. biometric, PIN or pattern).
Of particular interest in Bangkok was how passkeys could be used in payment authentication solutions. Today, passkeys can be supported in the EMV® 3-D Secure (EMV 3DS) challenge flow without requiring any changes. There are gaps, however, related to device binding and recognition, which is needed to support local regulation. Following the release of EMVCo’s whitepaper on the use of FIDO Data in 3DS messages, this is a topic that we continue to explore in close collaboration with FIDO Alliance.
EMVCo also continues to investigate the role of passkeys in EMV Secure Remote Commerce (SRC) systems. This includes the potential use of a passkey for identification to ease the access to the card list, and potential to authenticate the transaction (cardholder verification) without additional friction. Initial research undertaken shows that consumers overall recognise the security benefits and convenience of using passkeys. Many also reflected that they would choose to create a passkey since it would empower them to make safer, easier purchases.
Improved: The Secure Payment Confirmation (SPC) User Interface (UI)
SPC is a web standard published by the World Wide Web Consortium (W3C) that is built on WebAuthn to support streamlined authentication during a payment transaction. Issuers and merchants can use both FIDO-based WebAuthn and SPC within the EMV 3DS flow to better determine the legitimacy of a transaction in order to reduce the risk of fraud.
To improve the consumer experience when SPC is used, EMVCo and its Associates have been working to provide feedback on the UI. In Bangkok, we shared that these recommended updates have been successfully incorporated. The additions included:
- Adding the merchant name.
- Adding the issuer and network logo.
- Increasing the card art size.
- Offering a fallback to EMV 3DS if needed.
- Asking users to confirm purchase details again to improve dialogue privacy, rather than display an ‘error screen’ when credentials don’t match.
As a next step, EMVCo and its Associates will look at improvements for recurring and non-payment transactions.
New: Supporting the presentation of co-badged cards online
Co-badged payment cards integrate two payment systems sharing the same underlying primary account number (PAN). For example, a card that supports both an international payment system and a domestic payment system. The branding on the card enables the cardholder to identify the payment system through which payments are made.
Today, EMV SRC systems can display a co-badged card as two independent cards. EMVCo is working with its Associates to address this use case and improve the cardholder experience and display a co-badged card as a single card in the card list, while still representing two payment systems.
To achieve this, EMVCo proposes to leverage the EMV payment account reference (PAR) as an existing data element to enable the two cards to be connected.
Time is also being taken to analyse a host of considerations, including alignment with regulatory requirements enabling consumer and merchant choice, and ensuring backward compatibility with existing technology.
In addition, a joint presentation was delivered by Jason Rosenbaum from Australian Payments Plus, and Dr Thomas Fromherz from G+D Netcetera. It showcased the Australian’s domestic payment network, eftpos’, digital journey to implement its Click to Pay solution based on the EMV SRC framework.
And finally, EMVCo would also like to thank Naphongthawat Phothikit from the Bank of Thailand for his insightful local market presentation into Thailand’s national e-payment strategy, which showcased the country’s digital financial journey and future ambitions. Having an opportunity to better understand national and regional implementations and requirements continues to be a key benefit of EMVCo’s industry meetings.
Interested in learning more about these topics? Register and join us at the next Technical Meeting, 17-20 November 2025, Vienna, Austria.
We also have an upcoming EMV User Meeting – open to all EMVCo Associates and Subscribers – in Osaka-Shi Chuo-Ku, Japan, 10-11 June 2025, and a Board of Advisors Meeting, in Charleston, USA, 21-22 October 2025.
by Bastien Latge
by Sophie Rainford