All business leaders involved in ensuring that their online assets are easy to access yet still secure should have a basic understanding of authentication technologies. This article details a UK National Cyber Security Centre (NCSC) report that targets merchants, but is also a great place to start for others.
The report evaluates the benefits and limitations of four categories of passwordless access: multi-factor authentication (MFA); OAuth 2.0; FIDO2; and magic links and one-time passwords (OTP). Mercator has recommended that financial institutions start to migrate all of their channels to a single authentication strategy, to acclimate account holders to that one authentication process. This approach can help eliminate cart abandonment at merchants when 3D Secure step-up is implemented, and that confidence can lead to top-of-wallet status for the institution's card across all ecommerce sites.
While FIDO solves many problems, there are also limitations that implementors need to avoid until the FIDO standard is updated to address them. However, even with these issues, FIDO represents a solid approach to a common authentication methodology for those institutions unwilling to roll out a secure mobile app that maintains its own secure channel for consumer authentication.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group.