Delegated authentication

Authentication at the retailer to improve user-friendliness

Making the checkout process in online shops as simple and straightforward as possible for customers, reducing abandoned purchases and improving conversions - that is what e-commerce is all about. If merchants could authenticate their customers themselves, one-click checkout would be easy to implement.

The prerequisites are in place. The strong trend towards online shopping will continue. Many online merchants already know their customers and use various methods to authenticate them. More and more customers are using smartphones or tablets for online shopping. Most mobile devices and most browsers support biometrics, which facilitates authentication. Merchants using Card on File based on tokenization (card data permanently stored at the merchant in the form of tokens) already benefit from higher conversion rates and improved user-friendliness. This means that all the prerequisites are in place to enable merchants to provide PSD2-compliant authentication for their customers.

Good reasons for delegating authentication to merchants

The technology of the FIDO Alliance (Fast IDentity Online) is ideal as a PSD2-compliant authentication method for merchants. If a merchant has securely registered its customers via FIDO, the login to the merchant's customer account can be used as authentication for payment transactions. The FIDO standards for authentication are supported by American Express, Mastercard and Visa as well as by the most important OEMs and software providers (e.g. Microsoft, Samsung, Facebook, Apple, Google) and are therefore also supported in many biometric implementations (e.g. Apple Face ID or Windows Hello).

To ensure that the confirmation of authentication can be forwarded from the merchant to the card issuer, the 3-D Secure protocol version 2.2 provides the corresponding technical support.

Legally, merchants and card issuers can either agree on this type of authentication through bilateral contracts or use the services of Mastercard and Visa as "Delegated Authentication Brokers". In the broker case, a merchant only needs to conclude one contract per scheme. The card issuers automatically participate in this scheme as long as they do not make use of their opt-out option.

For customers, this means that they no longer have to switch back and forth between the merchant app and issuer app for PSD2-compliant Strong Customer Authentication at checkout. They can complete the payment with a single click or biometric verification in the merchant app – regardless of whether they shop via PC, tablet or smartphone.

The technical implementation of Delegated Authentication appears ambitious at first glance. But if you have the right service provider at your side and use the broker model, implementation can be quick and easy.
