EMVCo has released security requirements to support the development of multi-factor authentication (MFA) solutions capable of preventing or detecting attacks that could compromise the security of payment authentication. The "multi-factor authentication solutions for payments security requirements" document is publicly available from the EMVCo website.
MFA is an authentication method that requires the payee to provide two or more factors to confirm their identity. There are three types of authentication factors: "knowledge" (things know), such as a PIN or password; "possession" (things have), such as a smartphone; and "inherence" (things are) such as biometrics.
