Organisation to help companies meet emerging regulations and growing requirements for simpler, stronger user authentication
The FIDO Alliance today announced the launch of a FIDO Europe Working Group to accelerate the use of FIDO authentication standards in Europe. This move comes as financial services firms, telecommunications companies and the broader ecosystem are balancing new regulatory demands with rapidly evolving customer expectations. FIDO authentication, already available from many service providers and technology providers in Europe, reduces organisations’ and users’ reliance on passwords by providing interoperable, cryptographic, on-device authentication that is safer and easier to use than passwords and one-time passcodes.
At launch, 13 FIDO Alliance member companies active in the European market are participating in the new FIDO Europe Working Group: Cartes Bancaires, Cirrus Logic, Daon, Federal Office for Information Security (German BSI), Gemalto SA, Infineon, ING Group, Nok Nok Labs, Oesterreichische Staatsdruckerei (Austrian State Printing House), TRUXTUN Capital SA, Vasco Data Security, Inc., Verizon Innovation LLC, Yubico.
“The FIDO Europe Working Group was created to address the growing market demands for better authentication, which is driven largely by the changing regulatory landscape in the region,” said Brett McDowell, executive director of the FIDO Alliance. “Leading companies have to grapple with new compliance requirements while ensuring they keep pace in a global market by offering convenient customer experiences. This Working Group will be instrumental in raising local awareness of how FIDO standards can help facilitate compliance.”
The new Working Group is chaired by Alain Martin, VP Strategic Partnerships, Gemalto, and Matthieu Nunnink, Enterprise Security Architect, ING. The group will facilitate communication and cooperation within the European market to promote awareness and deployment of FIDO solutions aligned to regulatory requirements from the relevant European agencies. Working closely with policy makers and industry stakeholders, the Working Group will coordinate communications, publish informational assets, and deliver educational events to local markets across Europe. Per the Working Group’s charter, particular focus will be placed on the Payment Services Directive (PSD2), Electronic Identification and Trust Services Regulation (eIDAS), and the General Data Protection Regulation (GDPR) requirements, along with the role of FIDO authentication in products and services subject to those regulations.
“Without standardisation, implementation of strong customer authentication in Europe will result in fragmented solutions, leading to higher costs and poor customer experience” said Alain Martin, co-chair of the FIDO Europe Working Group. “The FIDO standards propose a set of user convenient authentication methods that are aligned with the new regulations and will simplify deployment”.
As an example, with the revised PSD2 now in force across Europe, Strong Customer Authentication will soon become an obligation for financial services organisations to secure access to bank accounts for the purpose of information aggregation or payment initiation. FIDO standards can address the European Banking Authority’s Regulatory Technical Standards (RTS) by proposing fully defined specifications, compliant with the requirements of the RTS. The standardisation work undertaken by the FIDO Alliance, complemented with a multi-layered security certification programme, provides banks and service providers a choice of interoperable authenticators in multiple form factors and for several operating environments. FIDO already has engaged with the EBA on the PSD2 topic, including:
- FIDO Alliance Letter Regarding Payment Services Directive 2
- FIDO & PSD2: Meeting the needs for Strong Consumer Authentication
- Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services Directive (PSD2)
FIDO standards are designed to overcome the usability challenges of older, first-generation authentication solutions. FIDO Certified solutions are finding increased adoption in payments, enterprise and mobile scenarios; FIDO authentication has been deployed worldwide by leading service providers such as Google, Facebook, PayPal, and NTT DOCOMO.