27 Aug 2019

Final NIST Guide on MFA for E-Commerce Released in Collaboration With StrongKey

Press Releases

StrongKey Contributes FIDO Server and Magento Open-source Component to NIST Project to Help Reduce E-Commerce Fraud

CUPERTINO, Calif. – Aug. 29, 2019 – StrongKey announced today that the final version of the NIST Special Publication 1800-17, Multifactor Authentication for E-Commerce, of which the company was a technical collaborator, is now available to retailers interested in implementing a Multifactor Authentication (MFA) solution. The guide provides practical, real-world guidance so retailers can use MFA to improve assurance of purchaser identity and to help reduce e-commerce fraud.

According to Experian’s Global Fraud Report 2018, 75% of businesses said, "We would be very interested in more advanced security measures and authentication." StrongKey has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on this project to help retailers and e-commerce merchants do exactly that.

StrongKey was chosen as a technical collaborator based on the capabilities of its products and ability to contribute towards the completion of the project’s mission. Its fellow technology collaborators on this project included RSA, Splunk, TokenOne and Yubico.*

Arshad Noor, CTO, StrongKey, said: “It is no longer a secret that passwords, as the sole authentication mechanism for sensitive transactions and resources, have become an epidemic problem in the digital world.The FIDO Alliance’s mission is to change the nature of online authentication; eliminating passwords is one aspect of that mission. We are happy to cooperate with the NCCoE by providing our open-source FIDO server and the Magento open-source component we developed to show e-commerce companies that it is possible to reduce fraud.”

For the practice guide, StrongKey provided specifically crafted code to integrate the FIDO U2F standard to an open source e-commerce platform.

Bill Newhouse, NCCoE senior security engineer, said: “Collaborating with stakeholders, including StrongKey, to produce viable cybersecurity solutions is key to the NCCoE’s success. The Multifactor Authentication for E-Commerce Practice Guide is an example of how these stakeholders engage with the NCCoE to produce a solution that can be adopted by e-commerce platform owners to reduce risk for retailers, their customers and other industries who rely on e-commerce to drive their business.”

The NCCoE and StrongKey address a critical cybersecurity and economic need. Organizations can download the free practice guide and consider how to best implement it in their business.

*While the example implementations use certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.

About StrongKey

StrongKey makes data breaches irrelevant by redefining how businesses and government agencies secure their information against the inevitability of a breach. While other security companies focus on protecting the perimeter, StrongKey secures the core through key management, strong authentication, encryption, and digital signatures—keeping the core safe even with an attacker on the network. Based in Silicon Valley, CA and Durham, NC, StrongKey has provided cryptographic security solutions for over 19 years and is trusted in mission-critical business operations by some of the largest companies in payment processing, e-commerce, healthcare, manufacturing, and finance.

StrongKey is a member of the FIDO Alliance, a standards organization focused on making simpler and stronger authentication a reality on the internet.

  • Download StrongKey CryptoEngine 2.0 (SKCE 2.0): https://sourceforge.net/projects/skce/
  • Download StrongKey Magento FIDO (MagFIDO): https://sourceforge.net/projects/magfido/
  • Download StrongKey FIDO Server (SKFS) the world's only open-source FIDO® Certified FIDO2 server: https://github.com/StrongKey/fido2