This article in Finastra suggests that the electronic ID (eID) is delayed because the technology suppliers and FIDO Alliance “does not create an effective commercial value chain:”
With mobile phone and integration of connected devices technologies improving the security and user experience for digital services. The use of biometric sensors in devices require companies to relying on and to trust the device and the associated biometric infrastructure. This is becoming an ‘implicit’ trust framework, with no 3rd party liability no the manufacturer of the biometric device. The FIDO (Fast ID Online) alliance has created a framework to exploit the biometric sensors in devices to unlock eID credentials. However, this framework does not create an effective commercial value chain.
This is the issue that hampered NFC mobile payment deployment with multiple technical solutions but no workable commercial model. That was before the NFC card tokenisation commercial model was defined, created and deployed initially by ‘ApplePay’. This model created an effective commercial relationship as the ‘token provider’ is paid for providing the service either each time a payment is made by consumer or the token is created. The international card schemes were key stakeholders that define, enforce and facilitate the commercial model between card issuer and merchant acquirers for mobile NFC payments.”
I disagree. There is a significant financial incentive for authenticators to adopt the mobile device security model as exposed by FIDO. The authenticator no longer needs to pay for the device, the authentication is more reliable than a password, and consumers will no longer forget the password which drives users away and costs the authenticator money. The problem is the age-old challenge of a 2 sided market. The authenticator needs a large market to use biometrics before it will invest in the technology. While 67% of smartphones have biometric tech, very few consumers use it because it doesn’t unlock enough apps and websites.
Besides, the payment networks are encouraging the use of biometrics with the introduction of 3D Secure 2. While this new eCommerce security protocol doesn’t mandate biometrics it does require an out of band user authentication for suspicious transactions. Smart banks that want to offer consumers a convenient method of identification should enable their banking app to also offer a biometric authentication method.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
