February 9, 2016

FIDO Alliance Launches Policy Program, Recommends EBA Embrace FIDO Authentication

Brett McDowell, Executive Director

In a first example of many where the FIDO Alliance is going to be engaging policy makers on the topic of authentication, we submitted comments to the European Banking Authority (EBA) on their Discussion Paper on future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (“Discussion Paper”) under the revised Payment Services Directive (PSD2), whose public comment period closed yesterday.

For background, the EBA has been tasked with developing a regulatory technical standard for strong consumer authentication for payment service providers across Europe, as required by PSD2. Generally speaking, the standards are meant to define the requirements for strong authentication for access to online payment accounts, making electronic payment transactions and/or enabling third party access to payment accounts at consumers’ request. The EBA issued a discussion paper in December to collect external input into the process before launching its standards development effort.

In the FIDO Alliance response to the EBA, we detail how FIDO-compliant implementations that follow security best practices are ideal examples of what the EBA regulations for “strong customer authentication” under PSD2 are striving to foster: simpler, stronger authentication capabilities that merchants and consumers will adopt at scale. We also go one step further and describe how the EBA’s acceptance of FIDO’s public key cryptographic architecture, especially when combined with on-device biometrics, will reduce the vulnerability surface of their payment service providers — and presumably also reduce online fraud rates as a result —  and accelerate overall online payment volume through reduced friction in the user experience.

We are encouraged that the EBA has taken an inclusive approach and invited stakeholders in the payments market to provide input into the development of their regulatory requirements. As a global industry consortium of more than 250 organizations, many of whom are regulated payment service providers and/or financial institutions, the FIDO Alliance has a unique understanding of the challenges industry and government face in balancing strong consumer demand for easy-to-use solutions with necessary security controls. This is particularly true when it comes to keeping transactions easy and secure on a mobile device.

We look forward to any opportunity to have further engagement with the EBA on the topic of strong customer authentication, and how FIDO specifications play an important role in the specific requirements EBA puts forward at the end of this process. As we get more inquiries from policymakers and regulators curious about FIDO, we’re also looking forward to engaging in more meaningful discussion on authentication with policymakers around the world. If you are a policy maker working on authentication requirements and you would like to request a briefing from the FIDO Alliance, please contact us.

MORE Announcements


FIDO Alliance Opens Free Registration for Authenticate 2020 Conference

Virtual conference being held November 9-19 Mountain View, Calif., October...

October 14, 2020

Authenticate 2020 Conference, Hosted by FIDO Alliance, to be Virtual Event this November

Mountain View, Calif., July 22, 2020 – The FIDO Alliance...

July 23, 2020

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com

The FIDO Alliance has launched a new microsite, LoginWithFIDO.com, for...

July 9, 2020

Expanded Support for FIDO Authentication in iOS and MacOS

Andrew Shikiar, Executive Director & CMO, FIDO Alliance At its...

July 1, 2020
Download Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.