First work product from Web Payment Security Interest Group outlines the roles of complementary technologies that can enhance the security and convenience of web payments for merchants and their e-commerce customers.
5 November 2020 – EMVCo, the FIDO Alliance and the World Wide Web Consortium (W3C) have published a document explaining the roles of their related technology specifications, that together can support merchants in delivering a more secure and convenient payment experience for the benefit of their e-commerce customers.
The ‘How EMVCo, FIDO, and W3C Technologies Relate’ document is the first output of the Web Payment Security Interest Group, a collaborative industry-led initiative focused on enhancing the interoperability of web payments. Key to this ongoing effort is identifying gaps between relevant specifications to increase compatibility among different technologies.
This new educational resource informs payments industry stakeholders on the roles of EMV® Secure Remote Commerce (SRC), EMV 3-D Secure (3DS), EMV Payment Tokenisation, FIDO Alliance’s FIDO2 specifications, and W3C’s Web Authentication and Payment Request APIs, which may be used together to enable more secure and convenient card-based payment during an e-commerce guest checkout on the Web.
The document also addresses how these technical specifications can support merchant efforts to fight fraud, protect user privacy and meet regulatory requirements, while helping to reduce cost and streamline the online payment process.
Following the document’s publication, the Web Payment Security Interest Group is actively seeking feedback from interested organizations to improve and enhance the document. For more information and details on how to submit feedback, please visit: https://www.w3.org/securepay/.
At the Authenticate 2020 Conference on 18 November, representatives from EMVCo, the FIDO Alliance and W3C will participate in a virtual panel session to discuss the document and seek input on it from payments industry stakeholders. The conference is open and free for anyone to attend.
“As more merchants move online, especially since the start of the COVID-19 pandemic, and fraud attempts increase, EMVCo sees this collaboration with the FIDO Alliance and W3C as a major contribution to advancing secure web-based payments, while also simplifying the online payment process for merchants and helping to reduce friction for their e-commerce customers,” said Bastien Latge, Director of Technology for EMVCo.
“FIDO Authentication can complement EMVCo and W3C technologies by securely and conveniently authenticating users and transactions in a variety of scenarios,” said Christina Hulka, executive director and chief operating officer of the FIDO Alliance. “The Web Payments SIG and this first resource are intended to educate and answer questions so ultimately these technologies can be implemented for stronger and simpler web payments. We look forward to industry feedback to help us to frame future educational outputs.”
“W3C, EMVCo, and FIDO have been working together for a number of years, and now is the time for the industry to start to reap the benefits,” said Ian Jacobs, W3C’s payments lead. “We published ‘How EMVCo, FIDO, and W3C Technologies Relate’ to usefully answer real-world industry questions. Through it, the three organizations have also advanced their understanding of each other’s activities. This now allows us to accelerate our joint efforts, and in collaboration with industry, to develop the next generation of secure and user-friendly technologies to streamline e-commerce.”
– ENDS –
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
About the World Wide Web Consortium
The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C well-known standards HTML and CSS are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.
For its work to make online videos more accessible with captions and subtitles, W3C received a 2016 Emmy Award. And for its work to standardize a Full TV Experience on the Web, W3C received a 2019 Emmy Award.
W3C’s vision for “One Web” brings together thousands of dedicated technologists representing more than 400 Member organizations and dozens of industry sectors. Organizationally, W3C is jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the United States, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France, Keio University in Japan and Beihang University in China. For more information see https://www.w3.org/.
EMVCo PR Contacts
For further EMVCo media information please contact David Amos / Chloe Smith – Tel: +44 113 3501922 or email david@iseepr.co.uk / chloe@iseepr.co.uk
FIDO PR Contact
Karen Arena, Aircover PR – press@fidoalliance.org
+1 732-407-8510
W3C PR Contact
Amy van der Hiel – w3t-pr@w3.org
+1.617.253.5628
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.