Webinar: PSD2 Support: Why Change to FIDO

Banks in Europe have deployed customer authentication solutions for several years. These solutions have served their purpose well and enabled customers to safely log in to their bank accounts. In the world of e-commerce, these solutions, when used, have been successful in combating online payment fraud.

The Second Payment Services Directive (PSD2) and its associated Regulatory Technical Standards (RTS) dramatically change the payment landscape, considering:

-- The mandate for strong, multi-factor authentication,
-- The emergence of Third Party Providers (TPP) accessing accounts via open APIs

The success of PSD2 will ultimately be determined by how well banks can balance user convenience with security obligations, while maximizing reach. As such, they may want to evaluate how well their legacy authentication solutions meet this new need.

FIDO authentication standards have been proposed as a way for banks to meet all requirements in a PSD2 world — but is the change from a legacy method to FIDO worthwhile?

This webinar covers FIDO Authentication standards and how they compare with legacy authentication methods used to access an account or secure an online payment. The methods compared are SMS OTPs, hardware OTP generators, CAP readers, and proprietary smartphone and biometrics-based solutions, assessed in terms of PSD2 compliance, security, usability and scalability.

Read this to find out: Why change to FIDO?

Published in: Technology

  1. PSD2 Support: Why Change to FIDO (webinar). © FIDO Alliance 2020
  3. Today’s Speakers: Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Alain Martin, Head of Consulting & Industry Relations, Thales, and Co-chair, FIDO Europe Working Group
  5. Intro to FIDO. Andrew Shikiar, Executive Director & CMO, FIDO Alliance
  6. Figures cited on the slide:
     -- 284%: growth in credential loss in 2019 (RiskBased Security)
     -- $25 billion: financial loss caused by online payment fraud by 2024 in Europe (Juniper Research)
     -- 18 million COVID-19 themed malware and phishing emails blocked per day by Google
     -- 7,098 breaches in 2019, exposing 15.1 billion records (ITRC)
     -- 51% of passwords are reused across services (University of Oxford)
     -- 1,300 years: collectively spent by humans each day entering passwords (Microsoft)
     -- 80-90%: e-commerce sites’ attempted log-ins are compromised by stuffing (Shape Security)
     -- 1/3: Europeans that would abandon transaction if too many authentication steps (yStats)
     -- 55%: of IT leaders re-use a single password (Sailpoint)
     -- 20-50%: of helpdesk calls are for password resets (Forrester)
  7. [Chart axes: Security (Weak to Strong), Usability (Poor to Easy)] Single-gesture, possession-based authentication. Open standards for simpler, stronger authentication using asymmetric public key cryptography
  8. FIDO Breaks the Credential Theft Cycle & Prevents Account Takeovers. Use of public key cryptography eliminates dependence on server-side credentials. Nothing of value for hackers to steal (public keys have no utility). Stuffed credentials won’t work. Stops supply & demand for hackers
  9. FIDO Leadership: + Sponsor members, + Associate members, + Liaison members
  10. Since May 2018: broader matrix of support across platforms and transports. Over 2.5 Billion Devices can support FIDO Authentication
  11. Why Change to FIDO? FIDO vs Legacy Authn Methods. Alain Martin, Head of Consulting & Industry Relations, Thales, and Co-chair, FIDO Europe Working Group
  12. [Diagram, BEFORE vs. WITH PSD2. Labels: Device, Authentication, Interaction(s), TPP]
  13. June 2020 EBA Opinion: "the authentication of the [user] with the ASPSP in an AISP/PISP journey, […] should not create unnecessary friction". The customer journey: key success factor for the roll out of PSD2 in Europe
  14. Existing SCA solutions
  15. [Figure: masked entry fields (******) and the code 123456]
  16. [Diagram: code 123456 and masked entries (******) across TPP or Merchant UI and Bank UI]
  18. [Figure: the code 123456 and a masked entry field (******)]
  19. [Diagram: TPP or Merchant UI, Bank UI, OTP] Some OTP generators can scan QR codes. Some OTP generators can be connected to PC
  21. [Figure: the code 123456 and a masked entry field (******)]
  22. [Diagram: TPP or Merchant UI, Bank UI, OTP] Some CAP readers can be connected to PC
  24. [Diagram labels: Bank UI, Challenge, Signed Response, Bank key, Bank, Verification, Bank key]
  25. [Diagram: TPP or Merchant UI, Bank UI, TPP UI]
  27. Why change to FIDO
  28. [Diagram: User Environment (User; Authenticator with touch, PIN entry or biometric entry; private key) and Relying Party (public key; verification), exchanging Challenge and Signed Response]
  29. [Diagram: TPP or Merchant UI, Bank UI; web or app based UI]
  30. [Diagram: TPP or Merchant UI, TPP UI, Bank UI; embedded FIDO platform authenticator; web or app based UI]
  33. [Diagram: User Environment (User; Authenticator with touch, PIN entry or biometric entry; private key) and Relying Party (public key), exchanging Challenge + web origin and Signed Response, with verification of web origin]
  35. Comparison by consideration. Methods compared: SMS OTP + password; Hardware OTP Generators; CAP Readers; Proprietary and biometrics; FIDO. Considerations, with the cell notes that survive in the transcript:
     -- User convenience: "When using MFA authenticators"
     -- PSD2 compliance: "May require password entry if no on-device user verification"
     -- Resistance to phishing
     -- Security of the solution: "Passwords and SMS channel insecure. SIM swapping"; "Depending on key storage method"
     -- Account recovery in case of loss: "New device to be seeded, deployed and activated"; "New reader to be deployed. New card to be personalized"; "Re-enrollment required"; "Re-enrollment required"
     -- Deployment/Scalability: "Devices need seeding and deploying"; "Readers still need deploying"; "Proprietary solutions. Require key provisioning server"
  36. Enhanced user experience. Security and resistance to phishing. Deployment/scalability
  37. Read the white paper! https://fidoalliance.org/white-paper-psd2-support-why-change-to-fido/
  38. Q&A: Andrew Shikiar, Executive Director & CMO, FIDO Alliance; Alain Martin, Head of Consulting & Industry Relations, Thales, and Co-chair, FIDO Europe Working Group
  39. If we didn’t have time to answer your question, please reach out to us at help@fidoalliance.org. The webinar recording and slides will be emailed to you and posted on fidoalliance.org. Please stay on to take the survey at the conclusion of the webinar
  40. fidoalliance.org
