Transaction Confirmation
The consensus among security experts is that usernames and passwords are not sufficient deterrents for fraudulent and illicit practices in the digital world. Particularly when it comes to data that is highly sensitive and targeted by cybercriminals. This is especially the case for financial data and credentials and bank accounts.
Transaction confirmation, which relies on FIDO authenticators (e.g. a mobile device or a token), is designed to add an extra layer of security by confirming that a transaction is legitimate and indeed authorised by the account or information holder. This is accomplished by requiring the proof of ownership of a private key before a transaction is carried out. That means, even if an account is hacked, no transactions can be performed without first passing additional levels of security.
Transaction confirmation can be used to confirm any manner of transactions, from the login process to actual transactions performed once a user has logged in (e.g. money transfers, payments, etc.).
Furthermore, transaction confirmation goes beyond simply authentication of the transaction itself. It can also be used to confirm whether:
- the amount being transferred corresponds to the agreed upon amount.
- the service provider or retailer is indeed who they claim to be.
- the data being shared is in fact, the data that the user intended to share.
- the user him/herself has granted third-party authorisation of a transaction.
This not only provides added security for consumers, users, retailers, and service providers, it also ensures adherence to various regulatory obligations, including the General Data Protection Regulation (GDPR) and the European PSD2 Directive.
Transaction confirmation is especially important for transactions that require the service provider or retailer to know, without a doubt, that the user has seen and agreed to certain information (e.g. proof of age verification etc.) and has provided consent for an action to be carried out (e.g. payment transactions).