Besides generic session authentication, there is an increasing need to gather explicit user consent for a specific action, i.e. “Transaction Confirmation”. Transaction Confirmation allows a relying party to not only determine if a user is involved in a transaction, but also confirm that the transaction is what the user actually intended – for example, whether they intended to pay $1000 to company X for purchasing product Y, or whether they consent to have specific data shared with another party, such as test results with a doctor.

This paper provides an overview on Transaction Confirmation and the drivers for its support including: regulatory requirements (PSD2, eIDAS); addressing friendly and mobile fraud; and to enable online binding agreements. It explains current approaches for Transaction Confirmation, including through FIDO protocols for native applications, and the value of adding support for it directly in web browsers. It concludes with a call for feedback from relying parties on whether they would like to see Transaction Confirmation should be supported directly in web browsers.


More

White Paper: Displace Password + OTP Authentication with Passkeys

Editors Husnan Bajwa, Beyond IdentityJosh Cigna, YubicoJing Gu, Beyond Identity Abstract For enterprises that have…

Read More →

White Paper: High Assurance Enterprise FIDO Authentication

Editors Sean Miller, RSA Abstract Enterprises should consider using passkeys, especially if they are currently…

Read More →

White Paper: FIDO Authentication for Moderate Assurance Use Cases

Editors Jerome Becquart, AxiadGreg Brown, AxiadMatt Estes, Amazon Web Services Abstract The intent of this…

Read More →


12314 Next