Banks in Europe have deployed customer authentication solutions for several years. These solutions have served their purpose well and enabled customers to safely log in to their bank accounts. In the world of e-commerce, these solutions, when used, have been successful in combating online payment fraud.
The Second Payment Services Directive (PSD2) and its associated Regulatory Technical Standards (RTS) dramatically change the payment landscape, considering:
-- The mandate for strong, multi-factor authentication,
-- The emergence of Third Party Providers (TPP) accessing accounts via open APIs
The success of PSD2 will ultimately be determined by how well banks can balance user convenience with security obligations, while maximizing reach. As such, they may want to evaluate how well their legacy authentication solutions meet this new need.
FIDO authentication standards have been proposed as a way for banks to meet all requirements in a PSD2 world — but is the change from a legacy method to FIDO worthwhile?
This webinar covers FIDO Authentication standards and how they compare with legacy authentication methods used to access an account or secure an online payment. The methods compared are SMS OTPs, hardware OTP generators, CAP readers, and proprietary smartphone and biometrics-based solutions in terms of PSD2 compliance, security, usability and scalability.
Read this to find out: Why change to FIDO?
We know that passwords have very weak security and poor usability – but the thing that doesn’t (or didn’t) get enough attention was the risk associated with OTPs. Not only do OTPs present major usability challenges (what’s worse than one password? Two passwords) but OTPs are also centrally stored secrets, just for a shorter timeframe. As such, they are susceptible to large-scale attacks and/or spear-phishing – as we’ve seen in some very well-documented breaches.
This really is the crux of what FIDO is trying to do – it’s eliminating use of all shared secrets, not just passwords.
FIDO’s goal from day one was to transform the market away from dependence on centrally stored shared secrets to a model that uses public key cryptography and allows consumers to authenticate through devices that they literally have in their fingertips every day. It’s simpler and stronger authentication.
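The contrast between a centrally stored shared secret and a public key, as an added example that is not part of the original webinar notes and is not FIDO Alliance code. It uses Node's built-in `crypto` module; the function and field names are hypothetical, and the public-key half is a bare challenge-response that leaves out what real FIDO adds (origin binding, attestation, signature counters).

```javascript
const crypto = require('crypto');

// HOTP code per RFC 4226: HMAC-SHA1 over an 8-byte counter, dynamic truncation.
function otp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[19] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1000000;
  return String(code).padStart(6, '0');
}

// Shared-secret model: the server keeps a copy of the secret in the user's token.
function enrollOtp() {
  const secret = crypto.randomBytes(20);
  return { device: { secret }, serverRecord: { secret: Buffer.from(secret) } };
}
function verifyOtp(serverRecord, counter, code) {
  const expected = Buffer.from(otp(serverRecord.secret, counter));
  const given = Buffer.from(String(code));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Public-key model: the private key stays on the device; the server keeps the public key.
function enrollKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}
function signChallenge(device, challenge) {
  return crypto.sign('sha256', challenge, device.privateKey);
}
function verifyAssertion(serverRecord, challenge, signature) {
  return crypto.verify('sha256', challenge, serverRecord.publicKey, signature);
}

// What each server-side record is worth to someone who holds only that record.
function compareServerRecords() {
  const otpUser = enrollOtp();
  const keyUser = enrollKey();
  const counter = 7;                         // constructed sample counter
  const challenge = crypto.randomBytes(32);  // fresh server challenge
  const strangerKey = enrollKey().device;    // any key other than the user's
  return {
    otpFromDevice: verifyOtp(otpUser.serverRecord, counter, otp(otpUser.device.secret, counter)),
    otpFromServerCopy: verifyOtp(otpUser.serverRecord, counter, otp(otpUser.serverRecord.secret, counter)),
    keyFromDevice: verifyAssertion(keyUser.serverRecord, challenge, signChallenge(keyUser.device, challenge)),
    keyWithoutPrivateKey: verifyAssertion(keyUser.serverRecord, challenge, signChallenge(strangerKey, challenge)),
  };
}
```

The server's OTP record is itself a working credential, while the server's public-key record can only verify, which is why a database of public keys is a far less valuable target than a database of OTP seeds.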
FIDO rapidly realized this goal with the initial release of FIDO’s UAF and U2F specifications in 2015.
History of the Alliance: The Alliance was formed in 2012 and opened to any organization to join in 2013, with the mission to solve the world’s password problem
FIDO was launched with just 6 member companies. Today we have more than 250 members from around the world – including the Board of Directors that you see represented here
My favorite way of looking at this list of logos is to close your eyes and ask yourself “what companies do we need to have sitting around a board table to help solve the password problem?” – and I suspect it would look a lot like this
We have major platform providers and manufacturers creating devices that we all use every day
We have leaders in security, biometrics and identity – both established companies and innovative start-ups
Last but not least, we have companies whose very businesses depend on their ability to deliver high-assurance services to billions of users around the world
- 2019 was a significant year in terms of FIDO2 adoption
- Platform authenticators are certified
- Brings the reach of FIDO2 to billions of users using these platforms
- Browser support has grown in breadth and depth
- Ex: Stronger initial and growing support in Safari for FIDO2
- Safari 13 supports security keys on macOS, iOS and iPadOS
- You can deploy across any mainstream OS today