September 9, 2020

White Paper: FIDO Transaction Confirmation

  • Version
  • Download 4
  • File Size 329 KB
  • File Count 1
  • Create Date September 9, 2020
  • Last Updated September 9, 2020

White Paper: FIDO Transaction Confirmation

Besides generic session authentication, there is an increasing need to gather explicit user consent for a specific action, i.e. “Transaction Confirmation”. Transaction Confirmation allows a relying party to not only determine if a user is involved in a transaction, but also confirm that the transaction is what the user actually intended – for example, whether they intended to pay $1000 to company X for purchasing product Y, or whether they consent to have specific data shared with another party, such as test results with a doctor.

This paper provides an overview on Transaction Confirmation and the drivers for its support including: regulatory requirements (PSD2, eIDAS); addressing friendly and mobile fraud; and to enable online binding agreements. It explains current approaches for Transaction Confirmation, including through FIDO protocols for native applications, and the value of adding support for it directly in web browsers. It concludes with a call for feedback from relying parties on whether they would like to see Transaction Confirmation should be supported directly in web browsers.

MORE


CISA Cites FIDO Authentication to Protect Political Campaigns

Andrew Shikiar, FIDO Alliance Executive Director & CMO  The US...

September 11, 2020

Financial Action Task Force Guidance Points to FIDO as Preferred Approach to Combat Authentication Vulnerabilities

This month, the Financial Action Task Force (FATF) released its...

March 18, 2020

Davos: World Economic Forum Points to FIDO as Viable Alternative to Passwords

Andrew Shikiar, executive director and CMO, FIDO Alliance A new...

January 22, 2020

NTT DOCOMO introduces passwordless authentication for d ACCOUNT

NTT DOCOMO, Japan’s largest mobile network operator with over 78...

October 14, 2019

Global Security Mag: Credential Stuffing: Another String to the Hackers’ Arch

Focus on the credential stuffing threat, what it’s about, the...

January 22, 2021

Computerwoche: Security in the Financial Industry

Banks are a popular target for hackers. Biometric authentication methods...


PC Mag UK: How to Protect Your Online Accounts With a Physical Security Key

You can also use the YubiKey as authentication to sign...


Forbes: Time to Retire The Password? What A New Authentication Can Mean For SSO

In the wake of the recent SolarWinds breach, Arshad Noor,...

January 15, 2021
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.