Adoption of ‘High-Assurance Strong Authentication’ Recommended for Businesses
12-22-2017
A new report from Javelin Strategy & Research recommends businesses adopt readily available high-assurance strong authentication to bolster security in light of increasingly effective attacks against traditional authentication methods.
The research, which was sponsored by FIDO Alliance, suggests that businesses continue to be vulnerable to data breaches because they rely on passwords, and, if they opt to implement additional authentication factors, they choose outdated options like static questions and SMS one-time passwords (OTPs). The report identifies the weakest authentication factors—those based on knowledge, not possession—and reports they remain the most popular and common. Businesses are using passwords plus static questions (31 percent) or SMS OTPs (25 percent) as their additional factors for customer authentication online. This is true despite the fact that strong authentication is evolving and is readily available, according to Al Pascual, Javelin’s senior vice president and research director. “Many consumer devices are coming equipped with built-in capabilities that enable high-assurance strong authentication, reducing costs and complexity for all stakeholders,” he said in a press statement.
Currently, companies are more likely to offer strong authentication to their customers than to their employees, but the research shows that both are lagging in the adoption of high-assurance strong authentication. Fifty percent of businesses offer at least two factors when authenticating their customers but only 35 percent of enterprises use two or more factors for authenticating their employees to data and systems. Between the two, use of high-assurance strong authentication is rare—only 5 percent of businesses offer the capability to customers or leverage it within the enterprise.
“So many of our commercial transactions today take place over the internet, and we’ve seen time and again that passwords, and even one-time-passcodes, do not provide sufficient protection against today’s threats,” said Brett McDowell, executive director, FIDO Alliance. Consequently, the report recommends companies strongly consider high-assurance strong authentication because it is not susceptible to phishing, man-in-the-middle, or other attacks targeting credentials—which are known vulnerabilities with passwords, static questions, and OTPs.
About ETA
The Electronic Transactions Association (ETA) is the global trade association representing more than 500 payments and technology companies. ETA members make commerce possible by processing more than $6 trillion in purchases in the US and deploying payments innovations to merchants and consumers. Learn more: www.electran.org.