Besides generic session authentication, there is an increasing need to gather explicit user consent for a specific action, i.e. “Transaction Confirmation”. Transaction Confirmation allows a relying party to not only determine if a user is involved in a transaction, but also confirm that the transaction is what the user actually intended – for example, whether they intended to pay $1000 to company X for purchasing product Y, or whether they consent to have specific data shared with another party, such as test results with a doctor.

This paper provides an overview of Transaction Confirmation and the drivers for its support, including regulatory requirements (PSD2, eIDAS), addressing friendly and mobile fraud, and enabling online binding agreements. It explains current approaches for Transaction Confirmation, including through FIDO protocols for native applications, and the value of adding support for it directly in web browsers. It concludes with a call for feedback from relying parties on whether they would like to see Transaction Confirmation supported directly in web browsers.

