GBIC statement on the secure display of transaction data with the FIDO2 standard

Diana Campar

The German Banking Industry Committee (GBIC) is pushing for an extension of the FIDO2 standard to ensure the secure display of transaction data. Currently, the standard only allows a hash value to be transmitted to the authenticator, but not the full transaction details. This poses a security risk, particularly in PC architectures, which is why GBIC proposes that the complete transaction data be transmitted directly to the authenticator and displayed there on a secure display. This would give users the opportunity to securely check the transaction details before confirmation. In addition, the authentication code should be linked to the displayed data to ensure the integrity of the transaction. Extending the specification to include a standardized interface for these functions is essential in order to adequately meet regulatory requirements and thus make the standard usable in the financial sector.
