Passwordless future with FIDO – first European FIDO2 solution for payments was put to practical use at PLUSCARD by Entersekt and Netcetera. Entersekt is coming to Banking 4.0.

In a Europe-first implementation in partnership with Netcetera, the FIDO authentication standard for payments was recently instituted at PLUSCARD, a full-service processor for numerous card-issuing institutions throughout Germany.

The solution, developed over several months, enabled secure, unrestricted card payments on the internet without needing a mobile device for mandatory two-factor authentication.

The need for app-free strong customer authentication
Since 2019, Entersekt had been engaged in talks with long-standing partner PLUSCARD about the possible use of hardware tokens for strong customer authentication (SCA).

Although most cardholders were already using an app-based solution, it became apparent that a substantial number (PLUSCARD estimates between 10% and 12%) of cardholders were not willing to use a mobile device for authentication. This was due either to security concerns or simply to not owning a smartphone.

These customers needed a solution that enabled them to shop online and pay with their cards without having to use an app for two-factor authentication. At the time, the envisaged solution was a hardware token that followed the global and open FIDO standard.

FIDO-certified server and SDK development
So, in 2020, Entersekt began developing a FIDO server, which had to be certified by the FIDO Alliance before it could be put into practice. In December 2020, that certification was obtained. As a result, the FIDO server could be integrated into the Entersekt Secure Platform (ESP), while the corresponding web software development kit (SDK) was built in parallel.

It was then over to Netcetera to implement the solution at PLUSCARD, which was followed by a longer phase of joint and repeated testing. After all, the authentication flow had to work flawlessly on all mobile and web browsers.

On June 16, 2021, PLUSCARD went live with its new FIDO authentication solution, the first German FIDO implementation for payments.