Fintech Security

Greater FIDO Can Strengthen Payment Authentication

Despite being the weakest link in cybersecurity, passwords remain the most common digital authentication method.

It’s a challenge that Fast Identity Online (FIDO), a global standard used to authenticate online payments without the need for passwords, has been working to overcome since it was launched in 2012. But a decade later, making the switch to passwordless authentication hasn’t been as easy as expected.

According to Mzukisi Rusi, vice president of solutions at Entersekt, it will take a while to break the decades-old authentication mechanism employed not only by users but even legacy financial institutions (FIs) that still demand the use of a username and password to access their services today.

“As much as we hate it from a security perspective, people still find [passwords] pretty easy,” Rusi told PYMNTS in an interview. “They are fairly ubiquitous, and they don’t need any special technology.”

Read more: FIDO Alliance Says Passwords Still Used More Often Than More Secure Methods

But although the complete elimination of passwords will take a while, he said adopting a phased approach can help accelerate the transition to a passwordless future, starting with the elimination of one-time passcodes (OTPs) delivered through SMS or email in favor of FIDO authentication.

“[FIDO] is the ability for browsers to get access to biometrics [regardless] of the device they’re using at that point in time,” Rusi said. “In the payments context, it’s more secure than passwords or OTPs [and it] adds less friction to the user’s checkout process.”

It also leads to higher transaction success rates for issuers and merchants, he added.

Entersekt, a specialist in strong customer authentication (SCA), has been instrumental in pushing the initiative forward, joining the FIDO Alliance — a consortium which counts leading tech companies like Google, PayPal, Microsoft and Apple as members — in 2013. The FinTech firm also partnered with leading German card issuer PLUSCARD to spearhead the first rollout of FIDO-certified payment authentication in Europe in June 2021.

See also: Passwordless Banking, Payments Must Overcome Consumer Headwinds

Over a year after the solution’s European launch, its success rates prove that it’s working as expected, Rusi said, but there’s still work that needs to be done to put more FIDO compatible devices into the hands of eCommerce users and increase adoption rates in the payments space.

“We see FIDO being pushed out heavily in the market, [and] as more and more people get a hold of it and understand it, that’s when there’ll be a seamless switch over [to passwordless authentication],” he said.

Balancing Merchant, Issuer Needs

Through the FIDO Alliance’s passwordless secure authentication technology, Rusi said Entersekt continues to push boundaries to come up with new and better ways to enable reduced friction in payments authentication.

The web standard known as Secure Payment Confirmation (SPC) is one of those concepts helping to strike a balance between merchants and issuers’ demands. It strikes a balance whereby the user experience or the user interface is controlled by the merchant, while the user is using a passkey or FIDO token that has been registered on the issuer side.

“That’s the next level of improving this experience that we’ve implemented,” Rusi said, adding that he is confident FIDO will play a key role in the future of payments if all parties “buy into this new way of authenticating customers” and collaboration between industry bodies is strengthened without breaking the security standards and principles.

He added that awareness and education around the benefits of FIDO has increased as compared to previous years, signaling growing interest in the solution which will, in turn, translate into higher adoption rates moving forward.

However, there’s still work needed to improve FIDO use in payments, he pointed out, a goal that will require all hands on deck to make it a reality.

As Rusi said: “Various industry bodies [as well as] SPC, some [proofs of concept] and [other] concepts coming out in the market [will] make sure that we improve and make it more accessible and seamless for consumers.”

How Consumers Pay Online With Stored Credentials
Convenience drives some consumers to store their payment credentials with merchants, while security concerns give other customers pause. For “How We Pay Digitally: Stored Credentials Edition,” a collaboration with Amazon Web Services, PYMNTS surveyed 2,102 U.S. consumers to analyze consumers’ dilemma and reveal how merchants can win over holdouts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *