More than 40 million Target shoppers were caught off guard when their credit card accounts were hacked in 2014, but it came as no surprise for many security researchers, who had been predicting an authentication attack for more than a decade. The incident sparked American consumer interest in “chip cards,” credit and debit cards that use embedded microchips. Known as EMV, the chip technology is difficult to clone and “skim,” making it more secure than the older magnetized swipe bars. Chip cards have been widely used in most of the world for more than a decade but only recently became common in the U.S.
As with many security upgrades, it took a crisis for EMV use to become mainstream. The move was standardized and supported by EMVCo, an alliance of American Express, Discover, JCB, MasterCard, UnionPay and Visa. Although these brands normally operate as competitors, the companies knew that no single entity could provide a comprehensive solution. These stakeholders united to ensure the ongoing viability of their industry and the safety of their consumers.
EMVCo has collaborated with the FIDO Alliance, an industry consortium developing open, interoperable authentication standards, including password alternatives like fingerprint scanners. The diverse membership of FIDO attests to the far-ranging impact of its work: Google, Goldman Sachs, and the Australian government are among the organizations engaged with the project.
By working together and defining device-agnostic standards, FIDO says its ecosystem can “grow and scale by means of the ‘net effect,’ where any new implementation of the standards will be able to immediately interoperate with any other implementation without the need for any pre-established arrangement between device developer and service provider.”
FIDO Alliance members have a vested interest in the measures succeeding and have agreed not to assert their patent rights against others under specific circumstances. By operating as a collaborative group, members have been able to harmonize new and existing technologies to strengthen the authentication process across all devices.
The “net effect” and interoperability model have become increasingly important as the Internet of Things (IoT) saturates our lives. Many smart devices lack an adequate security layer and are susceptible to hacking – an unnerving threat given the expanding use of IoT technology in everything from baby monitors to offshore oil and gas platforms. A number of collaborative groups are already hard at work to develop and standardize a security strategy. The Industrial Internet Consortium, for example, has developed a Business Strategy and Innovation Framework for the industrial IoT, which identifies and analyzes critical initiatives for its 250 members.
These organizations aim to prevent (rather than react to) major data or privacy breaches. It is a goal that spans economics, social interests and politics and which affects us all. It’s a pressing example of how interested groups – business, governments, consumers – can collaborate for meaningful, wide-reaching results.