六月 4, 2020

White Paper: PSD2 Support: Why Change to FIDO

Banks in Europe have deployed customer authentication solutions for several years. These solutions have served their purpose well and enabled customers to safely log in to their bank accounts. In the world of e-commerce, these solutions, when used, have been successful in combatting online payment fraud. 

The Second Payment Services Directive (PSD2) and its associated Regulatory Technical Standards (RTS) dramatically change the payment landscape, considering:

  • The mandate for strong, multi-factor authentication, 
  • The emergence of Third Party Providers (TPP) accessing accounts via open APIs

The success of PSD2 will ultimately be determined by how well banks can balance user convenience with security obligations, while maximizing reach. As such, they may want to evaluate how well their legacy authentication solutions meet this new need. 

FIDO authentication standards have been proposed as a way for banks to meet all requirements in a PSD2 world — but is the change from a legacy method to FIDO worthwhile? This paper proposes guidance to banks to help them decide. 

The paper describes FIDO Authentication standards and compares it with legacy authentication methods used to access an account or secure an online payment. The methods compared are SMS OTPs, hardware OTP generators, CAP readers, and proprietary smartphone and biometrics-based solutions in terms of PSD2 compliance, security, usability and scalability. Ultimately, the paper answers the question: Why change to FIDO?

MORE Building the Business Case

Download Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 401 Edgewater Place, Suite 600, Wakefield, MA, 01880, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.