CardinalCommerce is currently developing a Fast Identity Online (FIDO) authentication solution for both browser-based web applications and native mobile applications.
So, what is FIDO exactly?
FIDO is a standardized authentication protocol used to strongly authenticate a cardholder on their device, without relying on passwords or one-time passcodes (OTPs). FIDO can be used with EMV® 3-D Secure and Delegated Authentication (DA) to provide a solution for strong authentication, including requirements for PSD2’s strong customer authentication (SCA). Unlike password databases, FIDO stores personally identifying information (PII), such as biometric authentication data, locally on the user’s device to protect it.
Why choose FIDO?
- Increased security
- Additional trust
- Consistent, seamless experiences for your customers
- Less fraud and fewer false declines – without adding friction
Why is this important?
Because consumers' confidence in passwords has fallen. As a matter of fact, only 45% of consumers feel passwords are secure.¹ Even more alarming – 1/3 of online purchases are abandoned due to forgotten passwords.² Think about your business – what would losing 1/3 of your sales because of a forgotten password mean to your bottom line?
In the context of payments, FIDO is used to associate an authenticated cardholder and their payment credential(s) with a FIDO-compatible device. The cardholder is bound to their device and payment credentials to provide a faster and more secure checkout in the future. Once this association has been established, the cardholder can simply authenticate their subsequent online purchases with participating merchants by using their device's embedded capabilities, such as biometrics. This means that once registration is completed, authentication can be as easy as a swipe of a fingerprint for your customers – and transactions are more secure – helping to lower fraud and false declines for you.
Why is FIDO so important?
- FIDO is an industry standard that provides an additional layer of security and trust.
- FIDO helps improve authorization rates on fully authenticated transactions, lower false declines, and provide a consistent, seamless customer experience.
- FIDO supports PSD2 SCA and strong 2FA compliance without adding friction.
- No passwords or OTPs are stored that can be phished or stolen, helping to increase security and reduce fraud.
- Customers trust the merchants they are shopping with, and our FIDO solution gives them a great customer experience and a path to supporting network DA.
Speaking of DA, what is that, you may ask? Delegated Authentication is the framework that allows qualifying merchants to perform SCA on behalf of the issuer. In the EU, where SCA is required for the majority of e-commerce transactions, merchants can implement FIDO authentication within their checkout experience to help issuers meet the regulatory requirements of SCA.
When merchants use strong authentication methods such as FIDO to perform DA, the details of that authentication can be provided to the issuer via EMV 3DS so that the issuer can be confident that the cardholder was strongly authenticated – and that its SCA obligations are met.
When issuers delegate authentication to merchants, merchants can provide a more consistent customer experience and reduce friction during checkout. FIDO and DA work for issuers because they can have confidence that authentication was performed using an industry standard, that the authentication methods used comply with payment mandates, and that the device is owned by the cardholder. This allows for a minimal investment on the issuers' side, as well as the potential for higher sales conversions.
Both merchants and issuers benefit from FIDO. And most importantly, your customers do too!
There’s a lot more to come. If you are interested in learning about FIDO and Cardinal’s suite of payment decisioning solutions, let’s talk.
¹ 2021 Identity Fraud Report, Javelin Strategy.
² https://fidoalliance.org/what-is-fido/
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.