W3C adopts password-free login standard

W3C approves WebAuthn as the web standard for password-free logins — VentureBeat — “The specification lets users log into online accounts using biometrics, mobile devices, and/or Fido security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.”


New PCI standard to let merchants accept dongle-free contactless payments on smartphones and tablets

PCI SPoC and Contactless standards: What to expect in 2019 — PCI Security Standards Council — “The aim is to develop security requirements for solutions that enable a merchant’s COTS [Commercial off-the-shelf] device to accept contactless payments without the need for a dongle or other type of peripheral reader by leveraging the native NFC capabilities inherent to a COTS phone or tablet.”



NFC Forum expands support for device pairing and personal healthcare monitoring

Four NFC Forum technical specifications speed and enable new NFC services — NFC Forum — “The Connection Handover Technical Specification 1.4 allows users to define additional specific services when two devices are paired together using other wireless communication technologies, such as Bluetooth or WLAN by a tap of an NFC-enabled device. The Personal Health Device Communication (PHDC) Technical Specification 1.2 defines the exchange of ISO/IEEE 11073 messages often used for personal healthcare devices such as heart, blood pressure and glucose monitors. Also, updates were made to the NFC Digital Protocol Technical Specification 2.1 and NFC Controller Interface (NCI) Technical Specification 2.1.”


GlobalPlatform adds financial configuration that makes it easier to add payment, access control and transport ticketing applications to wearables

GlobalPlatform enhances secure element deployment for payment-enabled wearables — GlobalPlatform — “Wearables such as smart rings and smart wristbands are bridging the gap between simple cards and feature-rich smartphones by enabling consumers to pay, unlock and travel with a tap,” comments Gil Bernabeu, technical director of GlobalPlatform. “This new configuration standardizes all of this, saving implementers time and money, increasing revenue opportunities and enriching the experience for consumers.”


GlobalPlatform sets out IoT security role for secure elements

GlobalPlatform simplifies implementation of standardized IoT device security — GlobalPlatform — “GlobalPlatform, the standard for secure digital services and devices, has published a configuration that simplifies the implementation of secure element (SE) specifications for the protection of internet of things (IoT) devices… The configuration supports root of trust (RoT) device identity, the protection of critical assets, state-of-the-art AES cryptography for device management and authentication, allowing automatic enrolment to online cloud services.”



Korea’s central bank to build bank account-based mobile payments settlement system

Central bank to develop settlement service to expand mobile cash card payment — Yonhap News — “The South Korean central bank said Tuesday that it will adopt a new mobile cash card settlement service starting next year in a bid to expand simplified mobile payments in the country. A council on financial information by the Bank of Korea (BOK) and local banks decided to develop technological standards and a mobile application for the new service that enables sellers to receive money directly from the buyer’s bank account.”



EBA issues opinion on strong customer authentication requirements under PSD2

Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC — European Banking Authority — “The regulatory technical standards (RTS) on strong customer authentication (SCA) and common and secure communication (CSC) underpin the new security requirements under PSD2… The EBA has decided to issue an opinion in order to respond to a number of the numerous queries the EBA and competent authorities have received from market participants and aims to provide clarity on the implementation of certain aspects of the RTS that were published.”



TCL picks ST’s NFC controller for Alcatel 3V smartphone

STMicroelectronics’ NFC technology chosen to distinguish TCL Communication’s Alcatel 3V smartphone through outstanding contactless user experience — STMicroelectronics — PARTNER NEWS — “ST’s technology ensures robust connectivity for fast and reliable contactless payments, e-ticket transactions, peer-to-peer data transfer, and emerging use cases including interacting with ‘physical web’ objects like smart posters or store shelves. Superior RF performance also helped TCL Communication to streamline certification to mandatory stringent EMVCo, GSMA and NFC Forum standards for handsets.”



Japanese banks to begin QR mobile payments pilot

Japan’s megabanks aim to introduce unified smartphone payment system — The Mainichi — “MHFG announced that it will soon embark on a verification test of smartphone payments with Toho Bank, headquartered in Fukushima Prefecture, using the barcodes. It is thought that the results of the test will be used to create uniform standards for the two-dimensional barcodes that are currently being mulled by the three banking groups.”


PCI updates payment device standard to support PIN entry on mobile phones and tablets

PCI Security Standards Council updates payment device standard to support software-based PIN entry on COTS — PCI Security Standards Council — “The updated device standard supports the development of PCI software-based PIN entry on COTS (SPoC) solutions for merchants that enable EMV contact and contactless transactions with PIN entry on commercial off-the-shelf (COTS) devices, such as tablets and smartphones.”



US regulators simplify licensing process for fintechs

State regulators take first step to standardize licensing practices for Fintech payments — Conference of State Bank Supervisors — “Seven states have agreed to a multi-state compact that standardizes key elements of the licensing process for money services businesses (MSB). The agreement: If one state reviews key elements of state licensing for a money transmitter — IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act — then other participating states agree to accept the findings… Other states are expected to join this compact.”


GlobalPlatform explains the role of standards in an increasingly diversified payments landscape

Cover: Standardizing the future of payments in an increasingly diversified world

The increasing diversity of devices, services and players in the mobile payments ecosystem has led to the need for standards and certification to manage fragmentation, prevent fraud and ensure consistent user experience, GlobalPlatform’s Gil Bernabeu explains in a new paper now available to download from the NFC World Knowledge Centre... More


PCI publishes specifications for PIN entry on mobile phones and tablets

PCI Security Standards Council publishes security requirements for software-based PIN entry on COTS devices — PCI Security Standards Council — “The PCI Software-Based Pin Entry on Cots (SPoC) standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with pin entry on the merchant’s consumer device using a secure pin entry application in combination with a Secure Card Reader for Pin (SCRP).”


Feed for stories about Standards.