Group publishes updated version of its ‘How EMVCo, FIDO and W3C Technologies Relate’ document to meet the evolving needs of the payments industry.
19 December 2022 – As part of their ongoing collaboration, EMVCo, the FIDO Alliance and the World Wide Web Consortium (W3C) have released an updated version of their document – ‘How EMVCo, FIDO and W3C Technologies Relate’. The paper explores how the organisations are working together to promote consumer privacy while ensuring convenient and seamless e-commerce checkout experiences.
This document is the latest output from the Web Payment Security Interest Group, a collaborative industry-led initiative focused on enhancing the interoperability of web payments. This educational resource reflects the latest updates to EMVCo’s EMV® 3-D Secure (EMV 3DS), EMV Payment Tokenisation and EMV Secure Remote Commerce (EMV SRC) technologies, FIDO’s Client-to-Authenticator Protocol (CTAP), and W3C’s Web Authentication, Secure Payment Confirmation (SPC) and Payment Request API initiatives.
As with the previous iteration, the document describes how these technologies may be used together to enable a more secure card-based payment during an e-commerce guest checkout on the Web. It also addresses how these technical specifications can support merchant efforts to protect user privacy, fight fraud and meet regulatory requirements, while helping to reduce costs and streamline the online payment process.
Following the document’s publication, the Web Payment Security Interest Group is actively seeking feedback from interested organisations to improve and enhance the document. For more information and details on how to submit feedback, please visit: https://www.w3.org/securepay/.
“Changing browser privacy requirements have an impact on how consumer data is used throughout the transaction process. EMVCo’s work with the FIDO Alliance and W3C is ensuring that our respective technologies can continue to provide a seamless and secure online payment process, while promoting consumer privacy,” said Arman Aygen, Director of Technology at EMVCo.
“The continued collaboration between the FIDO Alliance, W3C and EMVCo is critical in the effort to enhance the security and convenience of web payments,” said Christina Hulka, Executive Director and COO of the FIDO Alliance. “This updated resource is the latest product of all three of these organisations’ efforts to move closer to our common goal. We look forward to industry feedback to continue this work and inform our future efforts.”
“This updated version of the document emphasises the progress the three organisations have made in the past two years to support strong authentication on the Web during e-commerce checkout. We’ve reorganised the document to focus on how EMV 3-D Secure, FIDO authentication, and the new Secure Payment Confirmation can be used in tandem to improve privacy, security, and usability in strong authentication flows,” said Ian Jacobs, Head of W3C’s payments activities.
The Web Payment Security Interest Group is due to renew its charter in 2023. As the group extends its collaboration, the three industry bodies will continue to work with the wider industry to better understand requirements for secure web-based payments.
– ENDS –
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
For further EMVCo media information please contact David Amos / Alistair Cochrane – Tel: +44 113 3501922 or email: david@iseepr.co.uk / alistair.c@iseepr.co.uk
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
About the World Wide Web Consortium
The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C well-known standards HTML and CSS are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.
W3C’s vision for “One Web” brings together thousands of dedicated technologists representing more than 400 Member organizations and dozens of industry sectors. W3C is jointly hosted by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the United States, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France, Keio University in Japan and Beihang University in China. For more information see https://www.w3.org/.
by Carey Ferro