FIDO Alliance Bringing Stronger Authentication to Payments
FIDO Alliance recently hosted a demonstration pavilion at April’s annual TRANSACT16 Conference. Over the course of the event we heard four themes: no one likes passwords, strong authentication no longer requires compromise, mobile payments have found new protocols, and FIDO authentication is very real in the payments industry.
At the conference, the FIDO Alliance joined with nine of its member companies (Egis Technology, Ledger, mSIGNIA, Samsung SDS America, Sensory, Inc, StrongAuth, Inc., SurePass ID, Synaptics and OneSpan) to raise awareness of these issues and to showcase the evolution towards stronger, simpler authentication backed by FIDO protocols.
Let’s have a look at the key takeaways from the show:
Passwords still rule payments, but change is on the way.
It was resoundingly clear from the conversations we and our members had on the show floor that passwords are still king for authentication related to payments online. However, more and more merchants are coming to terms with the risks associated with letting customers get by with weak credentials — that can’t protect the customer’s data and increase the exposure to risks and liabilities. Likewise, companies are becoming more attuned to the tie between weak enterprise credentials and the risk of data breach. (According to the recently released Verizon Data Breach Investigation Report, a staggering 63% of breaches were caused by weak credentials).
Stronger authentication is desired, but education is required.
Of the hundreds of attendees who stopped by the FIDO Pavilion, it was interesting to find that many understood the need to move towards stronger authentication, but they didn’t know how to start down that path. A common misconception was that authentication solutions can’t have have both greater security and usability. It was fascinating to see the ‘a-ha’ moment that people had when experiencing the ease-of-use of facial, voice and biometric authentication — and also the understanding that there’s a vibrant, interoperable ecosystem of FIDO® Certified servers and authenticators.
Mobile payments are an ideal application for FIDO solutions.
Mobile payments are no longer the wave of the future — they are here and they are rapidly growing in number, both for remote (online) mobile payments as well as for in-store proximity payments. The rapid growth in devices with biometric capabilities is leading to a corresponding spike in biometric authentication for transactions. Some of the most forward-thinking attendees who stopped by the FIDO Pavilion were those developing and running mobile payment solutions, such as ongoing work by FIDO Founding member PayPal as was detailed further at the conference. Many companies are already leveraging FIDO for passwordless authentication using built-in fingerprint sensors and other biometric capabilities.
TRANSACT education track attendees saw that FIDO is real, and is global.
In the pre-conference education track session hosted by FIDO Executive Director Brett McDowell’s, attendees learned not only about the ins and outs of FIDO’s approach to strong authentication, but also got a bird’s-eye view of real-world FIDO mobile payment solutions from BC Card and Ledger. (BC Card will also be presenting their case study at the upcoming FIDO Seminar in Berlin on May 9, 2016). You can view all slides from the education track session here.
ETA is a great supporter of FIDO.
ETA is an official Liaison Partner of FIDO and a dedicated supporter of our mission. We are grateful for their ongoing commitment, hospitality and enthusiasm. Check out an archive of their Facebook Live broadcast tour of the solutions that were on display in the FIDO Security Tech Zone.