Voice of the Industry

FIDO: The gamechanger in online payment authentication

Thursday 16 September 2021 08:07 CET | Editor: Anda Kania | Voice of the industry

The next hottest development on the payment scene is the FIDO authentication method. But how does it work and how can it optimise online payments? We spoke to Netcetera’s Suzana Kordumova Nikolova to learn more about how it could bring big improvements, and why it is relevant now.

What is FIDO?

FIDO stands for Fast IDentification Online, and is an authentication protocol that uses standard key cryptography to create a unique key pair for each user when they register. The user's device stores the private key and registers the public key with the online service. Whenever the user authenticates in the future, they are prompted to sign a challenge, proving they hold the private key stored on their device.

As digital payments become more and more relevant, FIDO offers an interesting alternative to current online payment authentication methods. Since biometric methods such as fingerprint, voice or Face ID are readily available, FIDO is much more user-friendly and faster to use. Its ability to be directly integrated into the device also means that mobile and web users do not have to switch interfaces or pages, as is often the case with 3DS authenticated transactions. Additionally, for customers who do not own a mobile device, it offers another way to authenticate transactions with the option of inserting a keyfob device into their desktop or pressing a button. Security is much higher when using FIDO, since users cannot be tricked into sharing their private key the same way as sharing PINs or credentials in phishing attacks. The number of successful transactions also tends to increase, as users are less likely to lose or forget their credentials.
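The registration and challenge-signing flow described above, and the reason a signed response is of no use on another site, as an added example (not code from the article or from Netcetera). It is a simplified model rather than the WebAuthn message format; the function names, user name and origins are constructed for illustration.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// User device: generates the key pair; the private key stays inside this closure.
function createDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey,
    // Signs the challenge together with the origin the device is talking to.
    signChallenge(challenge, origin) {
      const clientData = JSON.stringify({ challenge, origin });
      return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
    },
  };
}

// Online service: holds only public keys and one outstanding challenge per user.
function createService(origin) {
  const publicKeys = new Map();
  const pending = new Map();
  return {
    register(user, publicKey) { publicKeys.set(user, publicKey); },
    newChallenge(user) {
      pending.set(user, randomBytes(32).toString('hex'));
      return pending.get(user);
    },
    verifyAssertion(user, { clientData, signature }) {
      const expected = pending.get(user);
      pending.delete(user); // a challenge is accepted once, so a response cannot be replayed
      const publicKey = publicKeys.get(user);
      if (!expected || !publicKey) return false;
      // Check the signature first, so only data signed by the registered key is parsed.
      if (!verify('sha256', Buffer.from(clientData), publicKey, signature)) return false;
      const signed = JSON.parse(clientData);
      return signed.challenge === expected && signed.origin === origin;
    },
  };
}

// Constructed scenario: the user name and origins are sample values.
function demo() {
  const SHOP = 'https://shop.example';
  const shop = createService(SHOP);
  const device = createDevice();
  shop.register('alice', device.publicKey);
  const attempt = (dev, origin) =>
    shop.verifyAssertion('alice', dev.signChallenge(shop.newChallenge('alice'), origin));
  const response = device.signChallenge(shop.newChallenge('alice'), SHOP);
  const accepted = shop.verifyAssertion('alice', response);
  const replayed = shop.verifyAssertion('alice', response);
  return { accepted, replayed, wrongOrigin: attempt(device, 'https://shop-login.example'),
           wrongKey: attempt(createDevice(), SHOP) };
}
```

Only the first assertion is accepted: the replayed response, the one signed for a different origin and the one signed by an unregistered key are all rejected, and the service never holds anything a phishing page could ask the user to type in.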

How can FIDO be used in payments?

There are several fields in which FIDO can be used for payments, primarily for Strong Customer Authentication (SCA). These include SCA for mobile digital banking, 3DS SCA, and delegated authentication. Delegated Authentication is a particularly interesting case, as it involves simplifying the payment flow by transferring responsibility for authentication from the issuer to the merchant.

When FIDO is used in 3DS SCA, the issuer authenticates the user in an authentication application: the user needs to open it, authenticate with FIDO and, after successful authentication, come back to the shopping application to complete the transaction. Even though authentication with FIDO is very easy, switching between applications creates friction for consumers.

Delegated authentication is meant to ensure SCA with a seamless user experience, thereby decreasing abandonment and fraud, while increasing approval rates. The PSD2 SCA rules define what ‘strong’ means, but they do not imply that authentication is only the issuer’s responsibility. Many merchants identify their customers before the checkout process and use UX-friendly methods like biometric identification. This of course makes it even easier for customers to make fast online payments.

Why is FIDO relevant now?

With the entry into force of the 2nd Payment Services Directive in Europe in 2021, many online merchants are seeing their conversion rates take a nosedive due to extra steps in transactions. In Germany alone, failed and abandoned 3DS transactions were recorded to be up to 22% in March this year. It is clear that customers are discouraged by the perceived extra effort required to make an online purchase.

In evaluating the payment market, we can see a lot of potential for FIDO in the European market in particular, as PSD2 requires that every transaction is authenticated with Strong Customer Authentication. FIDO offers SCA in a more intuitive way, either with 3DS SCA or Delegated Authentication. In the future we hope to see merchants integrating Delegated Authentication as the easiest authentication process, delivering a frictionless checkout experience, and having more control over the user experience, with authentication embedded within their web page or their app. Globally, it is advisable that merchants also introduce Delegated Authentication in the payment process. Even though SCA is not mandatory, it will provide users with a frictionless yet secure means of payment. FIDO is the future of authentication; we can say that with certainty because it is already integrated into the 3DS protocol and accepted by the payment schemes.

About Suzana Kordumova Nikolova

Suzana Kordumova Nikolova is Senior Product Manager in Netcetera’s Secure Digital Payments division. She is leading the development and maintenance of 3DS SDK and Delegated Authentication products. In her 11 years at Netcetera, she has worked on mobile software applications and payment security, and is especially interested in the payment domain with all the complexity it offers.

About Netcetera

Netcetera is a global software company with cutting-edge IT products and individual digital solutions. More than 2,000 banks and issuers, and 150,000 merchants rely on their digital payment solutions and globally certified 3-D Secure products. Founded in 1996, Netcetera has 800 employees across Europe, Asia and the Middle East. Further information: netcetera.com

