Mobile Commerce

PayPal Pushes Password-less Payments

PayPal will be pushing hard to advance password-free authentication now that a complete version of the Fast Identity Online (FIDO) specifications have been published, the company said in a blog post on Wednesday (Dec. 10).

PayPal was a founding member of the FIDO Alliance in early 2013. The new specification offers two protocols: a “universal second factor” (U2F) that uses passwords and a physical token, and a “universal authentication framework” (UAF) that replaces passwords completely.

“We’ve chosen to use the UAF specification since it’s easy for our customers to use (often leveraging biometric information), acts as a full password replacement, and increases security and privacy,” wrote Andy Steingruebl, PayPal’s Director of Ecosystem Security. The company deployed an early UAF version for Samsung’s smartphones that include a fingerprint reader.

Steingruebl said that in PayPal’s FIDO implementation, the fingerprint is not stored in the cloud or on the device. Instead, it’s converted to a “template” that never leaves the device. Once a user logs in with a fingerprint, the FIDO key is unlocked to verify the user’s identity, and sent over an encrypted channel for online authentication. The system also prevents PayPal from tracking its customers through the protocol.

The FIDO Alliance currently includes more than 150 members, among them Visa, MasterCard, Discover, Alibaba, Bank of America, Wells Fargo, Google and Microsoft.


Exclusive PYMNTS Study: 

The Future Of Unattended Retail Report: Vending As The New Contextual Commerce, a PYMNTS and USA Technologies collaboration, details the findings from a survey of 2,325 U.S. consumers about their experiences with shopping via unattended retail channels and their interest in using them going forward.

Click to comment