Page 61 - Implementation of Secure Authentication Technologies for Digital Financial Services
Annex C – Guidance for Authentication System Providers
Authentication standards organizations publish guidance material for authentication system providers to assist with implementation. Guidance material relevant to the standards cited in this report includes:

NIST Trusted Identities Group:
https://www.nist.gov/itl/tig/projects/special-publication-800-63
Implementation guidance

• “NIST will work with the community to prepare implementation guidance for the Digital Identity Guidelines. The goal is to give implementers easily deployable guidance and help them meet the requirements.”

FIDO Alliance:
https://fidoalliance.org/white-papers/

• FIDO Alliance White Paper: Enterprise Adoption Best Practices – Managing FIDO Credential Lifecycle for Enterprises (April 2018):
“This white paper provides guidance to IT and Security professionals on how to manage FIDO authentication credentials throughout their full lifecycle.”
• FIDO Alliance White Paper: How FIDO Standards Meet PSD2’s Regulatory Technical Standards Requirements on Strong Customer Authentication (December 2018):
“This document provides a detailed review of the security requirements listed in the Regulatory Technical Standards For Strong Customer Authentication and Common and Secure Open Standards Of Communication under PSD2 (the RTS) and describes how the FIDO standards meet such requirements.”
• FIDO Alliance White Paper: FIDO & PSD2 – Providing for a Satisfactory Customer Journey (September 2018):
“This white paper examines the different authentication models that could apply within the interactions of a Third-Party Provider and an Account Servicing Payment Service Provider. It proposes the FIDO standards as a solution to simplify the user experience, for any of these models, in a way that meets the Strong Customer Authentication requirements of PSD2.”
• FIDO Alliance White Paper: Enterprise Adoption Best Practices – Integrating FIDO & Federation Protocols (December 2017):
“This white paper outlines how the FIDO standards complement federation protocols. It also provides guidelines on how to integrate the two in order to add support for FIDO-based MFA and replace or supplement traditional authentication methods in federation environments.”

OpenBanking:
https://www.openbanking.org.uk/providers/standards/
Customer Experience Guidelines

• “This document brings together regulatory requirements and extensive customer research to provide customer experience guidelines and examples of customer journeys for third party providers and account providers. They are designed to encourage adoption of Open Banking-enabled products and services.”

GSMA Mobile Connect:
https://www.gsma.com/identity/wpcontent/uploads/2019/03/mc_mwc_platforms_booklet2_web_02_19-1.pdf
GSMA Platforms & Operations services, February 2019

“The GSMA offers a series of technical platforms and services designed to help mobile network operators (MNO) and service providers (SP) deploy Mobile Connect successfully:
• Interoperability Testsuite Portal: Check if your Mobile Connect product complies with the Mobile Connect specification.
• API Exchange: Become part of a Mobile Connect ecosystem with other MNOs to be able to offer seamless cross-operator reach to Service Providers.
• Developer Portal (with Sandbox and SDKs): Comprehensive documentation and tools to facilitate the integration of Mobile Connect into your applications.
• Operator Management Console: Self-service portal to access reports and manage business processes between you and GSMA.
• Service Desk: Single point of contact for all Mobile Connect enquiries.
• Monitoring & Incident Management: Check the health of your Mobile Connect components and the status of any incident affecting these.”