Banks in Europe have deployed customer authentication solutions for several years. These solutions have served their purpose well and enabled customers to safely log in to their bank accounts. In the world of e-commerce, these solutions, when used, have been successful in combatting online payment fraud. 

The Second Payment Services Directive (PSD2) and its associated Regulatory Technical Standards (RTS) dramatically change the payment landscape, considering:

  • The mandate for strong, multi-factor authentication, 
  • The emergence of Third Party Providers (TPP) accessing accounts via open APIs

The success of PSD2 will ultimately be determined by how well banks can balance user convenience with security obligations, while maximizing reach. As such, they may want to evaluate how well their legacy authentication solutions meet this new need. 

FIDO authentication standards have been proposed as a way for banks to meet all requirements in a PSD2 world — but is the change from a legacy method to FIDO worthwhile? This paper proposes guidance to banks to help them decide. 

The paper describes FIDO Authentication standards and compares it with legacy authentication methods used to access an account or secure an online payment. The methods compared are SMS OTPs, hardware OTP generators, CAP readers, and proprietary smartphone and biometrics-based solutions in terms of PSD2 compliance, security, usability and scalability. Ultimately, the paper answers the question: Why change to FIDO?


More

White Paper: Replacing Password-Only Authentication with Passkeys in the Enterprise

Editors Khaled Zaky, Amazon Web Services Abstract This white paper describes the need for a…

Read More →

White Paper: FIDO Deploying Passkeys in the Enterprise – Introduction

Editors Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Enterprise Deployment Working Group 1. Introduction…

Read More →

White Paper: FIDO Attestation: Enhancing Trust, Privacy, and Interoperability in Passwordless Authentication

Editors Khaled Zaky, Amazon Web ServicesMonty Wiseman, Beyond IdentitySean Miller, RSA Security Eric Le Saint, Visa…

Read More →