FIDO

What is FIDO?

FIDO (Fast IDentity Online) is a set of authentication standards and methods designed to replace password-only logins with fast, secure login experiences across websites and apps. FIDO uses data-rich identification methods such as biometrics, device profiling, and authenticators to remove friction while increasing security and success rates.

FIDO is larger than just Cardinal Commerce. The FIDO Alliance is a coalition of industry-leading companies in tech, payments, and commerce. The Alliance launched in 2013 with the goal of developing and promoting an unified cross-industry standard for more secure, robust authentication systems.

How does FIDO work?

In payments, FIDO works by creating a unique consumer entity out of a combination of the consumer PAN and their Device Fingerprinting data. These unique entities are identified and authenticated using tools like biometrics or authenticators. Both the methods of authentication and the keys that secure them stay on the device, removing reliance on server-side secrets and minimizing the risk from data breaches.

For more information on FIDO and how it works, see: https://fidoalliance.org/what-is-fido/

Please note:

  • Cardinal FIDO is currently available in the EU, with global rollout by region coming soon. For now, both the issuing and acquiring banks must be in the EU region for a FIDO transaction to occur.

  • Cardinal FIDO authentication is currently only supported on Visa cards. More card networks will be onboarded in the future.

Integrating Cardinal FIDO

Cardinal’s FIDO solution works with the Cardinal Cruise and Cardinal Cruise Hybrid implementations to create a unified authentication experience. There are, broadly, four parts to setting up and using Cardinal Commerce FIDO:

 

Step 1: Setup

  • Configuring the FIDO SDK
    Using Cardinal FIDO begins with installing and configuring the Software Development Kit (SDK) that runs FIDO’s core functionality.

Step 2: Check user compatibility

Step 3: Check user enrollment

Step 4: Use FIDO

  • FIDO Enrollment
    If a user is not already enrolled in FIDO, they can be lead through the FIDO enrollment flow outlined here.

  • Using FIDO In a Transaction
    If the user has already been enrolled in FIDO, you can use the robust authentication features of FIDO in the transaction.