September 13, 2018

White Paper: FIDO & PSD2 – Providing for a Satisfactory Customer Journey

This white paper examines the different authentication models that could apply within the interactions of a Third Party Provider and an Account Servicing Payment Service Provider. It proposes the FIDO standards as a solution to simplify the user experience, for any of these models, in a way that meets the Strong Customer Authentication requirements of PSD2.

When PSD2 is deployed in Europe, users will be able to take advantage of services offered by Third Party Providers (TPPs) to trigger payments or to view account information. These users will typically start interacting on the TPP’s user interface. However, at the point when a TPP will request from an Account Servicing Payment Service Provider (ASPSP) access to a user’s account(s), the PSD2 Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) require that the user be strongly authenticated by the ASPSP and demonstrate that he/she has provided consent for the operation that the TPP is requesting to execute.

The Strong Customer Authentication requirement introduces challenges in the customer experience as there are no longer just two parties involved, the user and its bank, but three: The end user journey starts and ends on the TPP’s user interface.

TPPs will interface with the ASPSPs via open APIs. A number of standardization bodies have released drafts of such Open APIs, for example, the Open Banking Implementation Entity (OBIE) in the UK, STET in France and the Berlin Group for various European countries.

These specifications describe how Strong Customer Authentication should be implemented and several models have been defined, if not (yet) fully specified: the redirection, decoupled and embedded models. At the time of this paper’s release, a potential delegated model is also being discussed. These models vary in the way the user interacts with the TPP and the ASPSP and have a deep impact on both the user experience and the security of the user’s financial accounts.

This paper examines the advantages and drawbacks of the different SCA compliant authentication models and outlines how FIDO compliant solutions deliver the best user experience in any of these models, in a way that meets the needs of TPPs and ASPSPs.

MORE Intro to FIDO

White Paper: FIDO for e-Government Services

The global COVID-19 pandemic closed offices and forced governments to...

December 13, 2022

FIDO Masterclass

Learn how FIDO Authentication works, and why its a simpler,...

October 26, 2021

The State of Strong Authentication

Passwordless Authentication – the next breakthrough in secure digital transformation....

Authenticate 2021: Welcome Address

Join Andrew Shikiar, FIDO’s Executive Director & CMO, as he...

Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.