Passkeys allow users to log into secure accounts without a password. The technology comes from the FIDO Alliance, an industry group whose name stands for Fast ID Online and which was launched in 2012 with a mission to reduce the world’s reliance on passwords.
FIDO Executive Director Andrew Shikiar said the past two years have been significant for members and e-commerce companies. “We want to bring customers to our site and protect them from account takeover, credential theft and phishing attacks,” he said. “That’s why PayPal, eBay, Amazon, Walmart, Best Buy, and other e-commerce companies were early adopters of passkey payments.”
According to a FIDO survey of 10,000 consumers in the US, UK, France, Germany, Australia, Singapore, Japan, South Korea, India and China, awareness of passkeys rose from 39% in 2022 to 57% in 2024, he pointed out.
Double protection
Passkeys protect both sign-ins and payments, Shikiar explained, adding, “How do I know that the person signing in or making the purchase is actually my customer or legitimate guest and not a fraudster? You want your customers to be able to sign in to your site as easily and securely as possible.”
Passkeys use public key cryptography, an encryption system that involves a public “key” (a large string of numbers used to encrypt data) that is available to everyone, and a private key known only to you and stored on your device, such as your phone or computer. Only the private key can decrypt data encrypted with the public key. The passkey sign-in process is quick and secure from any device that stores your private key. Therefore, fraudsters need access to your device in order to sign into your account.
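To make the device-bound key concrete, here is an added example (not code from the article or from FIDO) that models a passkey sign-in as a challenge signed with the private key and checked by the site with the stored public key. It is a simplified sketch rather than the full WebAuthn protocol; the origin `https://shop.example`, the look-alike origin, and all function names are assumptions made for illustration.

```javascript
// Added example: simplified passkey-style challenge-response, not full WebAuthn.
const nodeCrypto = require("node:crypto");

const ORIGIN = "https://shop.example"; // constructed merchant origin (assumption)

// Registration: the device keeps the private key, the site stores only the public key.
function createPasskey() {
  return nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // NIST P-256
}

// Sign-in step 1: the site issues a fresh random challenge for this attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// Sign-in step 2: the device signs the challenge together with the origin it is talking to.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Sign-in step 3: the site checks challenge, origin and signature against the stored public key.
function verifyAssertion(publicKey, expectedChallenge, assertion) {
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return "challenge-mismatch"; // stale or replayed response
  if (origin !== ORIGIN) return "origin-mismatch"; // response was produced for another site
  const ok = nodeCrypto.verify("sha256", Buffer.from(assertion.clientData), publicKey, assertion.signature);
  return ok ? "ok" : "bad-signature"; // signer does not hold the registered private key
}

// Runs the legitimate case and three rejected cases with constructed keys.
function demo() {
  const device = createPasskey(); // the customer's registered device
  const other = createPasskey(); // any device without the customer's private key
  const challenge = newChallenge();
  const check = (assertion, expected = challenge) => verifyAssertion(device.publicKey, expected, assertion);
  return {
    legitimate: check(signAssertion(device.privateKey, challenge, ORIGIN)),
    wrongDevice: check(signAssertion(other.privateKey, challenge, ORIGIN)),
    lookalike: check(signAssertion(device.privateKey, challenge, "https://shop-example.test")),
    replay: check(signAssertion(device.privateKey, challenge, ORIGIN), newChallenge()),
  };
}

console.log(demo());
```

Only the first case is accepted: a signer without the registered private key, a response bound to a look-alike origin, and a response reused against a new challenge are each rejected by the site-side check.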
Shikiar said sign-in success rates were a hot topic at FIDO’s Authenticate conference in California in October 2024, where Amazon reported a 15% increase in sign-in success rates. Even a 5% increase in sign-ins is significant for merchants, and a high success rate typically means sign-ins are faster than passwords or traditional two-factor authentication.
Passkey readiness status
Emily Baxter, a security consultant at RPY Innovation, a payments consultancy, advised merchants to consider internal and external factors when evaluating passkeys. “Merchant readiness can be viewed from two perspectives: user and passkey provider readiness,” she said. “Key questions for merchants include how they currently utilize passwords, what integrations and vendors are needed to enable passkeys, and how customers will experience this change.”
Baxter added that, as always, security teams should be engaged in assessing the organization’s readiness. She pointed out that the best solutions are driven by a clear “why,” which she calls the north star of implementation.
“Your North Star might be a reputation as a safe and reliable seller, providing a great user experience (especially addressing increased cart abandonment and user complaints), or meeting provider requirements. Or it could be something else entirely,” she said.
Baxter pointed out that despite passwords’ shortcomings, they can be used anytime, anywhere, and on any device. Merchants should evaluate the potential impact of passkeys on user experience, considering:
- Do shoppers typically sign in from their own devices or from public computers?
- Is user adoption of passkeys voluntary or mandatory?
- Does the initial implementation require a dual password/passkey solution?
- What customer and employee training and education do you need?
In addition to referencing FIDO’s Passkey Central education portal, Baxter advised merchants to consider how passkeys fit into their overall cybersecurity strategy.
She added that passkeys are set up and shared in a variety of ways. Merchants can implement passkeys directly or through third-party providers. A user’s private key may reside in the iPhone’s operating system, password protection apps, and so on. Additionally, vendors can facilitate some or all of the setup, with varying pricing, scalability, and implementation support.
FIDO Certified Vendor
Shikiar agreed, saying that FIDO’s ecosystem includes hundreds of certified solution providers that help e-commerce and other businesses quickly implement passkeys.
“We do not dictate how passkeys are developed or how vendor-specific solutions are promoted,” Shikiar added. “We advise businesses to go into discussions with vendors with their eyes open. Get information before meeting with vendors. Even though they are all FIDO certified vendors and speak the same language, having a strategy and clear goals allows vendors to be more responsive to customers and their passkey rollouts.”