A PSD2-compliant implementation of FIDO for payment authentication
Leading German card issuer PLUSCARD realized that a significant proportion of its customers were not using mobile devices for authentication. They needed a solution that would enable customers to shop online and pay with their cards without having to use an app for two-factor authentication.
Although most of their cardholders were already using an app-based solution, it became apparent that a substantial number (PLUSCARD estimates between 10% and 12%) of cardholders were not willing to use a mobile device for authentication. This was due either to security concerns or simply to not owning a smartphone.
PLUSCARD wanted to provide these customers with a hardware token solution that would follow the global and open FIDO standard. The issuer turned to long-standing technology partner Entersekt and partner company Netcetera to develop and deploy what would become Europe’s first PSD2-compliant implementation of FIDO for payment authentication.
Business challenges
- Some customers were not using mobile devices to authenticate payments.
- They required a two-factor authentication solution that did not rely on a mobile device.
- PSD2 strong customer authentication (SCA) requirements had to be met.
- Customers needed a choice of authentication methods based on their device preferences.
Customer success
- A hardware token solution based on the open FIDO standard was successfully deployed.
- Customers can now choose from a range of secure, compliant authentication options.
- PLUSCARD no longer needs to rely on SMS OTPs to reach customers without apps.
- The solution paves the way for future authentication methods based on the FIDO standard.
They said
"Customers without a mobile device now have the option to approve their online payments conveniently and securely with the FIDO token. Together with Netcetera and Entersekt, we have implemented a future-proof solution with the FIDO standard. So far, this is a unique alternative to app-based authentication in the German market." — Thomas Niederauer, Product Manager, PLUSCARD (2021)
We said
"The implementation of a FIDO2 USB Security Key at PLUSCARD is an important first step, with future applications to follow. We are proud to open this new chapter of payment authentication together with PLUSCARD and Netcetera." — Uwe Härtel, Country Manager Central Europe, Entersekt (2021)