More Related Content Similar to Biometrics for Payment Authentication (20) More from FIDO Alliance (20) Biometrics for Payment Authentication2. ©2018 Visa. All rights reserved.2
1. Introduction to 3-D Secure
2. Sample biometric authentication use cases
3. Visa ID Intelligence Biometrics service
4. Biometrics for out-of-band payment authentication
4. ©2018 Visa. All rights reserved.4
3-D Secure (3DS) is a messaging protocol enabling authentication of a cardholder for e-commerce
transactions with the issuer prior to authorization
3-D Secure
?
Authentication with 3-D Secure
Authentication verifies the identity
of the cardholder
?
Authorization
Authentication with 3DS 2.0 complements
authorization to strengthen issuer
confidence in approving the transaction
The issuer collaborates with
the merchant to authenticate
the cardholder’s identity
before the authorization
occurs
5. ©2018 Visa. All rights reserved.5
3DS 2.0 protocol enhances issuer risk-based authentication capabilities and improves the user
experience across multiple form factors and use cases
3-D Secure 2.0 Improvements
Improved User Experience 3-D Secure 1.0 3-D Secure 2.0
• Capable of integration with the merchant experience X limited X expanded
• Removal of Activation During Shopping X
• Reduce the number of messages required X
More Data for Authentication and Security 3-D Secure 1.0 3-D Secure 2.0
• Payment-related data X limited X expanded
• Non-payment related data X
• Support for new and future authentication methods X
Flexible Device and Channel Support 3-D Secure 1.0 3-D Secure 2.0
• Browser-based authentication support X X expanded
• Mobile/application-based authentication support X
• Digital Wallet, Non-payment-based authentication X
• Support for future channels and form factors (i.e. MOTO) X
6. ©2018 Visa. All rights reserved.6
Sample biometric
authentication
use cases
7. ©2018 Visa. All rights reserved.7
Offer customers choice on how
they authenticate themselves
through face, fingerprint, and voice
while helping to reduce friction
associated with PINs and
passwords
Reduce friction during e-commerce
shopping experiences by helping
customers to authenticate
themselves with their preferred
biometrics via your mobile app
Simplify authentication and
help reduce exposure to fraud
across your channels by requiring
biometric authentication in
response to a push request to
your mobile app on the
customer’s device
Sample Biometric Authentication Use Cases
Simple App Login Step-up authentication
for online transactions
Step-up authentication
for account changes
8. ©2018 Visa. All rights reserved.8
Offer customers choice on how
they authenticate themselves
through face, fingerprint, and voice
while helping to reduce friction
associated with PINs and
passwords
Designed to reduce friction during
e-commerce shopping experiences
by helping customers to
authenticate themselves with their
preferred supported biometrics via
your mobile app
Simplify authentication and
help reduce exposure to fraud
across your channels by requiring
biometric authentication in
response to a push request to
your mobile app on the
customer’s device
Simple App Login Step-up authentication
for online transactions
Step-up authentication
for account changes
Sample Biometric Authentication Use Cases
9. ©2018 Visa. All rights reserved.9
73% of global consumers surveyed would be comfortable using biometrics to make a payment1
Source: Research conducted by Visa from Sept-Nov 2017, among over 10,000 consumers who use at least one credit card, debit card, and/or mobile pay. Looked at Q18 – To what
extent are you/would you be personally comfortable using each of the following payment authentication methods? Data includes summary of NET:Top 2 (Somewhat/Very comfortable)
for Fingerprint recognition, Eye scan, Facial recognition, Voice recognition, and Vein pattern recognition.
Why Biometrics?
73%
Singapore
68%
Canada
70%
U.S.
83%
Brazil
75%
UAE
73%
Australia
70%
New Zealand
74%
Japan
78%
China
76%
South Africa
66%
France 65%
Ukraine
73%
S. Korea
63%
Russia
10. ©2018 Visa. All rights reserved.10
Offer customers choice on how
they authenticate themselves
through face, fingerprint, and voice
while helping to reduce friction
associated with PINs and
passwords
Designed to reduce friction during
e-commerce shopping experiences
by helping customers to
authenticate themselves with their
preferred supported biometrics via
your mobile app
Simplify authentication and
help reduce exposure to fraud
across your channels by requiring
biometric authentication in
response to a push request to
your mobile app on the
customer’s device
Sample Biometric Authentication Use Cases
Simple App Login Step-up authentication
for online transactions
Step-up authentication
for account changes
These materials and best practice recommendations are provided for informational purposes only and should not be relied upon for marketing, legal, regulatory or other advice. Recommended marketing
materials should be independently evaluated in light of your specific business needs and any applicable laws and regulations. Visa is not responsible for your use of the marketing materials, best practice
recommendations, or other information, including errors of any kind, contained in this document
11. ©2018 Visa. All rights reserved.11
Visa ID Intelligence
Biometrics Service
12. ©2018 Visa. All rights reserved.12
v
• One stop shopping through Visa Developer
• Connect to vetted technologies selected
from hundreds of service providers
Financial
Institutions
Merchants
Acquirers/
Processors
Smarter Access
• Streamlined contracting with Visa
to enable faster time to market
• Build with Visa APIs and SDKs for
simplified integration
Smarter Integration
• Intelligently use authentication data
to create elegant user experience
• Apply learning from the best practices
and user testing
Smarter Decisions
Identity
Documents
Device Data
(coming soon)
User Data
Biometrics
(coming soon)
The Visa ID Intelligence Solution
Suite of authentication services
This slide is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the
potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
©2018 Visa. All rights reserved.
13. ©2018 Visa. All rights reserved.13
Highly Available
Visa manages the redundancy and failover for a highly available production
service
FIDO Alliance Certified
Server is compliant with FIDO® UAF specifications*
• Compatible with certified FIDO authenticators
• Allows for secure registration of FIDO authenticators to servers
• Supports login and step-up use-cases
Authentication Management Tools
• Create and manage multiple policies for enrollment and authentication
• Manage multiple applications across different platforms (iOS, Android)
API and hosted server
* As of this webinar
Visa ID Intelligence Biometrics
©2018 Visa. All rights reserved.
14. ©2018 Visa. All rights reserved.14
• Helps eliminate the need to build specific mobile
app and server support for FIDO® UAF protocol
• Helps eliminate the need to code for different
devices with a hardware agnostic solution
• Mobile SDKs to help enforce FIDO policies in the
application
• Add additional authentication capabilities such as
face and voice, designed to allow customers to
select their preferred biometric modality
• Help verify the biometric, device, and app during
each authentication event*
*if user uses a biometric authenticator
Android and iOS SDKs
Visa ID Intelligence Biometrics
Multi-factor authentication policies
High risk (transfer funds)
Allowed
Not Allowed
Silent
and
PinPin
Low risk (view accounts)
Allowed
Pin
Silent
16. ©2018 Visa. All rights reserved.16
Streamline 3-D Secure with Biometrics
Proof of concept
This page is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the
potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
(In Progress)
Place order Authenticate with Biometrics Merchant SuccessNotification opens issuer app
17. ©2018 Visa. All rights reserved.17
Streamline 3-D Secure with Biometrics
Proof of concept
This page is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the
potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
(In Progress)
Place order Authenticate with Biometrics Merchant SuccessNotification opens issuer app
18. ©2018 Visa. All rights reserved.18
Streamline 3-D Secure with Biometrics
Proof of concept
This page is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the
potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
(In Progress)
Place order Authenticate with Biometrics Merchant SuccessNotification opens issuer app
19. ©2018 Visa. All rights reserved.19
Streamline 3-D Secure with Biometrics
Proof of concept
This page is intended for illustrative purposes only. It contains depictions of a product currently in the process of deployment, and should be understood as a representation of the
potential features of the fully-deployed product. The final version of this product may not contain all of the features described in this presentation.
(In Progress)
Place order Authenticate with Biometrics Merchant SuccessNotification opens issuer app
20. ©2018 Visa. All rights reserved.20
3DS
Requestor
Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
3-D Secure 2.0 Environment
3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
*Note: gray dashed arrows and 3DS Requestor are not part of 3DS specifications
Customer
shops
21. ©2018 Visa. All rights reserved.21 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
3-D Secure 2.0 Environment
Directory
Server
Issuer
*Note: gray dashed arrows and 3DS Requestor are not part of 3DS specifications
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
Customer
shops
Access Control Server
(ACS)
22. ©2018 Visa. All rights reserved.22 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
3-D Secure 2.0 Environment
Customer
shops
Directory
Server
Access Control Server
(ACS)
Issuer
*Note: gray dashed arrows and 3DS Requestor are not part of 3DS specifications
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
23. ©2018 Visa. All rights reserved.23 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
Out-of-band step-up authentication
Customer
shops
Directory
Server
ACS Server
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
Issuer
24. ©2018 Visa. All rights reserved.24 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
Out-of-band step-up authentication
Visa ID Intelligence
Biometrics
Customer
shops
Directory
Server
ACS Server
Initiate authentication request1
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
Issuer
25. ©2018 Visa. All rights reserved.25 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
Out-of-band step-up authentication
Customer
shops
Directory
Server
ACS Server
Initiate authentication request1
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
Issuer
Visa ID Intelligence
Biometrics
26. ©2018 Visa. All rights reserved.26 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
Out-of-band step-up authentication
Customer
shops
Directory
Server
ACS Server
Perform authentication
Initiate authentication request1
3
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
Issuer
Visa ID Intelligence
Biometrics
27. ©2018 Visa. All rights reserved.27 Source: EMVCo - EMV® 3-D Secure – Protocol and Core Functions Specification version 2.0.0, October 2016
3-D Secure 2.0 Environment
Customer
shops
Directory
Server
Access Control Server
(ACS)
Issuer
*Note: gray dashed arrows and 3DS Requestor are not part of 3DS specifications
Challenge
Request/Response
3DS Method
3DS
Requestor3DS
Client
3DS Server
3DS Requestor APIs/3DS Server APIs/Browser interaction
3DS Requestor Environment
28. For more information
Visa ID Intelligence
www.visaidintelligence.com
EMV® 3-D Secure
https://www.emvco.com/emv-technologies/3d-secure/
Money 20/20 in Las Vegas from Oct 22-24, 2018
Look for the Visa kiosk in the Pavilion at the FIDO® Alliance booth #1259
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.