In December last year, Entersekt gained FIDO Alliance certification for the FIDO2 server protocol. It had been a long and complex process, so you may wonder why we set out to expand our offering and gain that stamp of approval in the first place. We already had a broad, market-leading authentication portfolio, including a state-of-the-art push authentication solution. Why does Entersekt care so much about FIDO2? 

First, let’s talk about what FIDO2 actually is.

One security token to rule them all

FIDO, short for Fast IDentity Online, has been the industry’s answer to the world’s over-reliance on passwords since 2013. Based on free and open standards, FIDO2 is a set of specifications leveraging public-key cryptography and other technologies to provide strong authentication when logging into online services from a desktop or mobile device.

FIDO2 allows consumers to use a single cryptographic authenticator, such as a smartphone or a hardware key, to authenticate themselves with different service providers. Gone are the days when they would have to download dedicated authentication apps or, even worse, deal with proprietary hardware tokens to gain similar capabilities.

Read our blog post “Passwordless authentication: The future is here” to find out why we think passwords are passé.

Making the SCA circle bigger 

So, back to the question of why Entersekt cares about FIDO2. Why did we expand our customer authentication solution to include it?

As specialists in strong customer authentication (SCA) and frictionless, omnichannel banking and payments experiences, it seemed only right that we offer our customers greater choice – so that they can do so for their customers in turn.

By implementing FIDO2, financial institutions can now give their customers the option to authenticate themselves on a website: they no longer need a mobile app to do so. This is especially relevant for people who either do not have a compatible smartphone or prefer not to use their smartphone as an authentication device. Previously, they had to endure unsafe SMS one-time passwords or inconvenient hardware tokens.

Entersekt has been a member of the FIDO Alliance for most of its existence – and ours. Download our fact sheet, “FIDO passwordless authentication”, for more information.

Another interesting use case of FIDO2 is delegated authentication (also called “merchant delegation”). With the aim of increasing the security of electronic commerce transactions, Europe’s Revised Payment Services Directive (PSD2) mandated the use of strong, multi-factor authentication for online payments. While SCA was introduced to boost the security of transactions, the forms it most commonly takes have resulted in additional friction, raising the rate of transaction abandonment.

Fortunately, PSD2 holds the answer to this problem. The regulations allow banks to delegate SCA to third parties such as merchants and wallet providers. Delegated authentication allows consumers to stay within the merchant environment from the moment they start browsing all the way to checkout. The payment can be completed with a single click or biometric verification, regardless of whether the user is shopping on a website or app.

What's next for the FIDO community?

FIDO’s original goal was to eliminate passwords. And together with other developments like behavioral biometrics, we are getting closer and closer to that passwordless future. With FIDO2, a PSD2-compliant authentication solution that promises an enhanced customer experience, FIDO broadened its scope; it became relevant in financial services and payments applications. That is not the end of its story.

We will see FIDO2 appearing in more and more use cases. One example is eIDAS (Electronic Identification, Authentication and trust Services). This European Union regulation was created to establish trust in electronic transactions between individuals, organizations, and government entities across member states by standardizing digital IDs and digital signatures. Smart card-based electronic IDs are the usual means for providing high assurance in the scheme, but eIDs lack wide user acceptance for accessing online services because consumers find them too complex to use. Further adoption of smartphones and FIDO2 would go a long way to overcoming these drawbacks. 


Will the authentication puzzle ever be solved? Read our authentication ebook “New directions in authentication” to find out more.

 


Melanie Maier

DIRECTOR CHANNEL PARTNERSHIPS EUROPE

Melanie is focused on helping financial institutions and enterprises achieve compliance through strong authentication and state-of-the-art app security while simultaneously enabling exciting new digital experiences. She is also country ambassador (Germany) for the European Women Payments Network, where she helps to grow the network in order to bring more female voices and diversity to the payment industry.

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.