Strong Customer Authentication & Biometrics
January, 2019
©2019 Visa. All rights reserved. Visa public
Today’s discussion:
1. Changing regulatory landscape (Europe) & the impact on payments
2. Key enablers
3. 3DS 2.0
4. Visa Biometrics
5. Implementation details
Changing landscape
Uncharted territory
Open ecosystem
New payments requirements
Ambiguity as we implement
New Regulation
European Payment Service Directive 2 (PSD2 - September 2019)
• Strong Customer Authentication (SCA)
Unless the payment qualifies as low risk, customers must authenticate transaction with at least two independent factors
Something you know, something you have, something you are
• Largest impact will be on remote electronic payments
SCA must be applied to all electronic payments unless out of scope or exempted.
Financial transactions can be classified in two ways:
Cardholder Initiated Transactions (CIT): In-scope
Merchant Initiated Transactions (MIT): Out of scope
Exemptions
1. Contactless payments at point of sale¹
2. Unattended transport and parking terminals
3. Recurring transactions
4. Low value transactions
5. Secure corporate payments
6. Transaction risk analysis
7. Trusted beneficiaries
¹ Contactless transactions are exempt from SCA unless transactions exceed the count/amount thresholds
Low Risk
Transaction Value Band    PSP Fraud Rate
<€100                     13 bps/0.13%
€100-€250                 6 bps/0.06%
€250-€500                 1 bps/0.01%
Products & programs for SCA compliance and optimization
3-D Secure 2.0
• Industry standard for authentication
• 2.0 has an enhanced user experience, expanded device usage, greater data sharing and is regulatory smart
Visa Biometrics
• Consumer-friendly alternative to OTPs
• FIDO implementation provides 2-factor authentication with support for fingerprint, face and voice
3-D Secure 2.0 —Who is involved?
Issuer: Identifies which transactions need additional authentication.
Cardholder: Most authentication is invisible to the consumer.
Merchant: Benefits directly from collaborative data exchange.
Data: Expanded data contextualizes the authentication.
3-D Secure 2.0 —How it works.
The issuer collaborates with the merchant to authenticate the cardholder’s identity before authorization occurs
Authentication verifies the identity of the cardholder.
Authentication with 3-D Secure 2.0 complements authorization to strengthen issuer confidence in approving the transaction.
Diagram labels: Authentication with 3-D Secure; Authorization
Why biometrics?
73% of global consumers surveyed would be comfortable using biometrics to make a payment¹
73% Singapore
68% Canada
70% U.S.
83% Brazil
75% UAE
73% Australia
70% New Zealand
74% Japan
78% China
76% South Africa
66% France
65% Ukraine
73% S. Korea
63% Russia
¹ Research conducted by Visa from Sept-Nov 2017, among over 10,000 consumers who use at least one credit card, debit card, and/or mobile pay.
Visa Biometrics
Streamline SCA by enabling biometrics authentication with 3DS 2.0 & FIDO
Screen captions: Place order; Notification opens issuer app; Authenticate with Biometrics; Merchant Success
This page is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
How it works
Visa Biometrics with 3DS and FIDO
Participants: Customer, Merchant Server, 3DS Program Server, ACS, Issuer Server, Visa Biometric FIDO Server
1. Customer places order
2. Request to 3DS Program
3. Request to issuer’s ACS
4. Request for issuer to perform consumer authentication
5. Issuer initiates authentication request with Visa
6. Issuer sends push notification to issuer’s mobile app for customer to authenticate
7. Customer selects push notification and launches mobile app, which requests authentication policy from issuer’s server
8. Issuer requests authentication policy
9. Issuer sends authentication policy to issuer’s mobile app
10. Customer authenticates with biometrics and result is returned to issuer’s server
11. Issuer’s server completes authentication with Visa
12. Issuer sends authentication result
13. ACS sends response
14. 3DS Program returns results
15. Merchant approves/denies transaction
Why we chose a FIDO implementation
Secure
• Asymmetric key cryptography
• End-to-end design and review with security industry
Compliant
• Aligns with NIST, W3C, and PSD2
• Authenticators have been certified
• Out-of-band on single device
Data & Control
• Metadata from device, authenticator
• Flexible UX above standard API to manage policies
Scale
• Financial ROI of open standard economics
• Mitigate development risk
Source: FIDO Authentication for Mobile Payments – Featuring Biometrics for 3-D Secure 2.0
How FIDO helps with SCA compliance
FIDO addresses many items of the European Banking Authority’s Regulatory Technical Standards (RTS) with a few key areas detailed below

Category: Program
RTS: Security measures shall be documented, tested, evaluated and audited.
FIDO: The FIDO certification program provides for an independent assessment of the security level. The assessment is typically performed by a FIDO accredited laboratory and evaluated by the FIDO technical staff.

Category: Authentication Factors
RTS: Measures shall be adopted to mitigate the risk that authentication factors are uncovered, used or disclosed to unauthorized parties. Devices that read biometric authentication shall have a very low probability of an unauthorized user being authenticated.
FIDO: Once authentication factors are stored by the FIDO authenticator during registration they do not leave the authenticator and cannot be read, copied or transferred. FIDO authenticators that capture, store, read and compare biometric data are subject to a FIDO biometric certification that attests to the quality level of the biometric implementation. Criteria such as FAR, FRR and PAD are tested.

Category: Multipurpose Device
RTS: Security measures including data protection, secured communication and separated environment shall be adopted when using a multi-purpose device (i.e. smartphone or tablet.)
FIDO: FIDO authenticators are commonly implemented in multi-purpose devices. The FIDO security standards call for firewalling of the FIDO authenticator from other applications in the device through a separated execution environment and protection of this environment from intrusion or alteration. A TLS protected channel is used for communication between the authentication and server.
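
The challenge-response exchange behind the Visa Biometrics flow and the "asymmetric key cryptography" point above, as an added Go example that is not code from Visa or the FIDO Alliance. It is a simplified model, not the FIDO wire protocol: the type and function names, the TxnID field and the sample identifiers are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Challenge is what the server sends to the issuer app (hypothetical shape).
type Challenge struct {
	Nonce string // random, single use, hex encoded
	TxnID string // transaction being authenticated (assumed field)
}

// digest hashes the challenge; the hex nonce has fixed length, so "|" is unambiguous.
func digest(ch Challenge) []byte {
	d := sha256.Sum256([]byte(ch.Nonce + "|" + ch.TxnID))
	return d[:]
}

// Authenticator models the on-device authenticator; the private key never leaves it.
type Authenticator struct{ priv *ecdsa.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: k}, nil
}

// PublicKey is the only key material handed to the server at registration.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// Sign releases a signature only after the local biometric match succeeded.
func (a *Authenticator) Sign(ch Challenge, biometricOK bool) ([]byte, error) {
	if !biometricOK {
		return nil, errors.New("user verification failed")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, digest(ch))
}

// Server models the verifying side (the FIDO server role in the flow).
type Server struct {
	keys    map[string]*ecdsa.PublicKey // cardholder -> registered public key
	pending map[string]string           // nonce -> TxnID, removed on first use
}

func NewServer() *Server {
	return &Server{keys: map[string]*ecdsa.PublicKey{}, pending: map[string]string{}}
}

func (s *Server) Register(user string, pub *ecdsa.PublicKey) { s.keys[user] = pub }

// NewChallenge issues a fresh nonce tied to one transaction.
func (s *Server) NewChallenge(txnID string) (Challenge, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return Challenge{}, err
	}
	ch := Challenge{Nonce: hex.EncodeToString(b), TxnID: txnID}
	s.pending[ch.Nonce] = txnID
	return ch, nil
}

// Verify accepts a signature once, for the transaction the nonce was issued for.
func (s *Server) Verify(user string, ch Challenge, sig []byte) error {
	txn, ok := s.pending[ch.Nonce]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, ch.Nonce) // single use, even when verification fails
	if txn != ch.TxnID {
		return errors.New("challenge was issued for another transaction")
	}
	pub, ok := s.keys[user]
	if !ok || !ecdsa.VerifyASN1(pub, digest(ch), sig) {
		return errors.New("no registered key or signature mismatch")
	}
	return nil
}

func main() {
	srv := NewServer()
	dev, err := NewAuthenticator()
	if err != nil {
		panic(err)
	}
	srv.Register("cardholder-1", dev.PublicKey()) // constructed sample identifiers
	ch, _ := srv.NewChallenge("txn-1001")
	sig, _ := dev.Sign(ch, true)
	fmt.Println("first use:", srv.Verify("cardholder-1", ch, sig))
	fmt.Println("replay:   ", srv.Verify("cardholder-1", ch, sig))
}
```

The server stores only a public key, so a breach of its database yields nothing that can produce a valid response, and the biometric comparison stays on the device.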
Key Takeaways
Moving forward together
• PSD2 will challenge the payments industry but it will also bring an opportunity for players & solutions to excel
─ The combination of FIDO, Biometrics & 3DS 2.0 meets the demand of both regulators and consumers
• Issuers & merchants:
─ Understand what the impacts are to your business
─ Plan and prioritize implementation of 3DS 2.0, authorization message enhancements, tokenization, and biometrics
─ Work with service providers on timing for SCA readiness and how to address exemptions
• Service providers:
─ Innovate and continue to work with industry groups (FIDO, EMVCo, etc.) to prepare the next generation of solutions
