September 21, 2017
The FIDO Alliance, an industry consortium advocating for strong authentication requirements, yesterday released a white paper describing how the authentication standards drafted by the European Banking Authority for the revised Payment Services Directive (PSD2) in Europe can be put into practice. The EBA’s Regulatory Technical Standards, published in February 2017, spelled out to industry stakeholders some of the principles banks and PSPs should employ to ensure strong online authentication, including multifactor authentication and authentication code generation. FIDO has come up with standards of its own that detail the implementation of such techniques, which the EBA did not cover (they have yet to be ratified by the European Commission).
“The final language in the regulation reflects a modern understanding of multi-factor authentication,” FIDO said in a blog post. “While the final draft RTS requires two secure and distinct factors of authentication, it also recognizes that these factors can be housed in a single ‘multi-purpose’ device—such as a mobile phone, tablet or PC—as long as ‘separate secure execution environments’ are used (such as trusted execution environments, secure elements and trusted platform modules).”
To learn more about how FIDO authentication standards work with PSD2 requirements, access the free white paper here.