The future is FIDO – Taking authentication to the next level

CardinalCommerce is currently developing a Fast Identity Online (FIDO) authentication solution for both browser-based web applications and native mobile applications.

So, what is FIDO exactly?

FIDO is a standardized authentication protocol used to strongly authenticate a cardholder on their device, without relying on passwords or one-time passcodes (OTPs). FIDO can be used with EMV® 3-D Secure and Delegated Authentication (DA) to provide a solution for strong authentication, including requirements for PSD2’s strong customer authentication (SCA). Unlike password databases, FIDO stores personally identifying information (PII), such as biometric authentication data, locally on the user's device to protect it.

Why choose FIDO?

-Increased security
-Additional trust
-Consistent, seamless experiences for your customers
-Less fraud and false declines - without adding additional friction

Why is this important?

Because consumers confidence levels in passwords have fallen. As a matter of fact, only 45% of consumers feel passwords are secure. ¹ Even more alarming – 1/3 of online purchases are abandoned due to forgotten passwords. ² Think about your business – what would losing 1/3 of your sales because of a forgotten password mean to your bottom line?


In the context of payments, FIDO is used to associate an authenticated cardholder and their payment credential(s) to a FIDO compatible device. The cardholder is bound to their device and payment credentials to provide a faster and more secure checkout in the future. Once this association has been established, the cardholder can simply authenticate their subsequent online purchases with participating merchants by using their device’s embedded capabilities such as biometrics. Meaning, once registration is completed, authentication can be as easy as a swipe of a fingerprint for your customers – and transactions are more secure – helping to lower fraud and false declines for you.

Why is FIDO so important?

-FIDO is an industry standard that provides an additional layer of security and trust.
-FIDO helps improve authorization rates on fully authenticated transactions, lower false declines, and provide a consistent, seamless customer experience.
-FIDO supports PSD2 SCA and strong 2FA compliance without adding additional friction.
-No passwords or OTPs are stored that can be phished or stolen, helping to increase security and reduce fraud.
-Customers trust the merchants they are shopping with, and our FIDO solution gives them a great customer experience and path to supporting network DA.

Speaking of DA, what is that you may ask? Delegated Authentication is the framework that allows merchants that qualify to perform SCA on behalf of the issuer. In the EU, where SCA is required to be performed for the majority of e-commerce transactions, merchants can implement FIDO authentication within their checkout experience to help issuers meet the regulatory requirements of SCA.

When merchants use strong authentication methods such as FIDO to perform DA, the details regarding that authentication can be provided to the issuer via EMV 3DS so that the issuers can be confident that the cardholder was strongly authenticated - and their SCA obligations are met.

When issuers delegate authentication to merchants, this allows merchants to provide a more consistent customer experience and reduce friction during checkout. FIDO and DA work for issuers because they can have confidence that authentication was performed using an industry standard, that the authentication methods used comply with payment mandates, and that the device is owned by the cardholder. This allows for a minimal investment on the issuers’ side, as well as the potential for higher sales conversions.

Both merchants and issuers benefit from FIDO. And most importantly, your customers do too!

There’s a lot more to come. If you are interested in learning about FIDO and Cardinal’s suite of payment decisioning solutions, let’s talk.

¹ 2021 Identity Fraud Report, Javelin Strategy.

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC

Related news + trends

industry news

The latest version of EMV® 3-D Secure – a deeper dive

EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.

read more
our stories

2020 What is happening and what is to come at Cardinal

At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.

read more
case study

Clothing and Footwear Benchmark

Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.

read more

Is your shopping cart ready for PSD2 SCA?

Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.

read more