[Openid-specs-fapi] Issue #295: Possible support for "embedded" SCA mode (openid/fapi)

Anders Rundgren anders.rundgren.net at gmail.com
Thu Jun 4 14:12:48 UTC 2020

On 2020-06-04 16:00, Joseph Heenan wrote:
 >> On 4 Jun 2020, at 14:57, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
 >> On 2020-06-04 15:06, Joseph Heenan wrote:
 >>> I don’t see why we need new ideas when what we already have in FAPI, and the extensions around embedded being proposed in this thread, already work for the EMV use case.
 >> OK, EMV authorization should be a part of the FAPI standard?  That's at least how the NextGenPSD2 folks intend to deal with this issue.
 > Can you concisely explain what would be required for it to "be a part of the standard”, or why it would need changes to the standard if the standard already allows for it?

An EMV authorization is created in the shop inside of a payment terminal (+ card).
After that the completed authorization is sent downstream and eventually ends up in the issuer bank where it is decoded and verified.

That is, the payment request will be augmented with specific authorization data which then will be dealt with by the ASPSP aided by an internal credential database.
Unlike existing SCA solutions which are abstract, this is concrete.  Either the API supports EMV or it doesn't.

Since there are 9 Billion EMV card is circulation, this is rather tempting.>

 > Is there any info you can share about how NextGenPSD2 are dealing with it?

Done :)


 > Joseph

More information about the Openid-specs-fapi mailing list