THALES BLOG

How Financial Institutions Use FIDO2 for Secure Transactions

June 23, 2026

Sarah Lefavrais | IAM Product Marketing Manager

As threats and regulations intensify across the globe, banking, financial services and insurance (BFSI) leaders are seeking robust, user-friendly authentication options to keep pace with new risk realities. FIDO2 has emerged as the industry benchmark, curbing fraud and supporting millions of passwordless logins daily.

Thales integrates FIDO2 with advanced biometric support, providing secure, convenient access across modern devices and setting new standards for safe, frictionless banking experiences.

Regulatory pressure and phishing in finance

As financial services become increasingly digitized, regulatory pressure is mounting to adopt phishing-resistant authentication solutions. Passwords and SMS 2FA no longer suffice against attack vectors such as man-in-the-middle, bot-driven attacks, and MFA fatigue, all of which are prolific in the BFSI sector. These vulnerabilities put critical transactions and sensitive data at risk, necessitating stronger, more resilient authentication methods.

Moreover, threats from insider misuse, synthetic identities, and account takeover fraud heighten operational risk and regulatory exposure. Organizations face significant penalties, including fines, mandated system audits, and possible operational restrictions for failing to meet these evolving compliance standards. FIDO2 security keys leverage device-specific cryptography to eliminate passwords and thwart phishing attacks, helping financial institutions meet compliance while securing customer and employee access.

MFA challenges in B2C and B2B Finance

While multi-factor authentication (MFA) has become a cornerstone of modern cybersecurity, traditional MFA often hampers user experience in the BFSI sector.

Consumers face multiple authentication steps that introduce friction, resulting in abandoned transactions and unhappy customers. On the enterprise side, employees spend too much time navigating password policies, forgetting credentials, and sometimes even sharing passwords – jeopardizing security and productivity. These challenges drive up IT support costs substantially: banks report high volumes of help desk tickets and password resets, which strain resources and increase operational overhead.

This friction extends beyond inconvenience. Legacy MFA methods like SMS codes and OTPs remain vulnerable to interception and are targets for automated and social engineering attacks. With the rise of push notification fatigue attacks and man-in-the-middle exploits, legacy MFA fails to adequately defend against escalating threats in financial environments.

Thales’ FIDO2 technology tackles these vulnerabilities by using device-specific cryptography to let organizations authenticate their users without passwords. Phishing-resistant and compliant with global regulatory standards (FIPS 140-2/3, Common Criteria, eIDAS, PSD2 and US executive orders), FIDO2 improves security while simplifying authentication for customers and employees alike.

Why FIDO2 fits: Strong identity binding, phishing resistance

The foundation of secure digital access lies in the strength of identity binding and defense against phishing threats. At its core, FIDO2 offers a cryptographically secure method that ties digital credentials to specific users and devices, providing unprecedented assurance in identity verification. Thales delivers standards-compliant security keys and smart cards tailored for BFSI security challenges. Key features include:

  • Cryptographic key pairs that never leave the device, uniquely binding each credential to its user and services, offering unmatched identity assurance
  • Strong phishing-resistant protection through cryptographic validation of the website’s domain before releasing credentials
  • On-device biometric authentication that provides fast, privacy-aware confirmation without transmitting sensitive data externally
  • Manufacturing under trusted, certified conditions that produce tamper-evident products meeting FIPS, Common Criteria, and other global security benchmarks
  • Enterprise-ready lifecycle, provisioning, and management tools that integrate seamlessly with identity frameworks, simplifying large-scale deployment and administration

Managing FIDO2 at scale: Why lifecycle management matters

While FIDO2 strengthens authentication at the point of access, organizations must also manage these credentials effectively across their lifecycle to maintain security and operational efficiency at scale.

With Thales Authenticator Lifecycle Manager, organizations can:

  • Streamline provisioning at scale: securely deliver ready-to-use authenticators to many users without manual overhead
  • Manage lifecycle events seamlessly: handle locked devices, replacements, and role changes without disrupting access or introducing risk
  • Enforce consistent policies: maintain strong, uniform authentication standards across environments

By centralizing lifecycle management, Thales enables organizations to extend the benefits of FIDO2 beyond authentication to ensure credentials remain secure, visible, and fully controlled from issuance through revocation.

Learn more about Thales Authenticator Lifecycle Manager.

Real-world deployment examples

Financial institutions adopt FIDO2 security keys in a variety of ways to address both digital transformation goals and regulatory demands. Consider these typical use cases that showcase how FIDO2 improves security and user experience across channels.

  • Customer portal integration: Banks deploy FIDO2 to simplify online banking access, enabling customers to log in and authorize transactions using just a fingerprint scan on their mobile device, or a quick tap of a security key on their desktop.
  • Employee access across devices: All types of banking employees gain secure access to sensitive core systems from desktops, laptops, or mobile devices, using FIDO2 keys plugged into traditional workstations or tapped on tablets for flexible work scenarios.
  • Multi-channel consistency: The same FIDO2 credential is interoperable across mobile apps, web portals, and physical branch kiosks, delivering a unified authentication experience to customers and staff alike that improves both security and convenience.

Note: While synced passkeys offer a good user experience for password replacement and multi-channel consistency, the industry’s highest security and compliance demands are best met by device-bound passkeys. Our device-bound FIDO2 keys are designed to prevent credential theft and phishing, critical for regulated environments.

Compliance alignment (PSD2, GDPR, PCI DSS)

FIDO2’s cryptographic, passwordless approach inherently supports key requirements across financial services regulations, simplifying compliance for BFSI organizations with a unified strong authentication standard.

  • PSD2: FIDO2 meets Strong Customer Authentication (SCA) by combining device-bound keys (something you have) with biometrics (something you are), and supports dynamic linking by cryptographically binding authentication to transactions and users.
  • GDPR: Privacy by design is embedded as biometric data and private keys never leave the user’s device, aligning with GDPR’s emphasis on data minimization and protection. This local verification limits exposure of sensitive information in compliance with European data laws.
  • PCI DSS: By eliminating shared secrets like passwords and OTPs, FIDO2 reduces the attack surface. Asymmetric cryptographic keys, stored securely in tamper-resistant hardware, meet PCI DSS requirements for strong credential protection and minimize breach risks during payment authentication.
  • Certifications and audit facilitation: Thales FIDO2 devices hold certifications including FIPS 140-2/3, Common Criteria, and eIDAS, providing independently validated security assurances. These certifications support BFSI compliance audits by demonstrating adherence to internationally recognized security standards, easing regulatory reporting without the burden of overly complex processes.

Curious which FIDO2 keys meet which compliance regulations? Check out our detailed solution brief to find the perfect match for your needs.

Customer experience: Biometric login for banking portals

At the end of the day, customers want a login process that’s quick, easy, and secure. FIDO2 biometric authentication lets them sign in with a simple touch or glance, without juggling passwords or codes.

  • Single-gesture authentication: one touchpoint, such as a fingerprint, face scan, or security key tap, with no passwords or app switching required.
  • Reduced account lockouts: biometric login cuts down on frustrating password resets and support calls.
  • Trust and confidence: combining phishing-resistant cryptography with biometrics gives customers confidence that their money and data are protected.
  • Accessibility benefits: biometric options support a range of modalities to fit different needs and preferences.

We also offer the widest range of biometric authenticators available, spanning security keys, smart cards, and embedded biometrics, so BFSI organizations can find the perfect solution to meet any customer or employee use case.

Talk to our security experts

Looking to elevate your authentication experience? Thales offers a comprehensive portfolio of FIDO solutions designed for every BFSI need.

Whether you’re securing employee identities, enhancing customer journeys, or streamlining security across channels, Thales has the tools and expertise for what’s next.