28 Aug 2018

StrongKey and NIST’s NCCoE Collaborate on Practice Guide for Multi-factor Authentication in E-commerce


StrongKey Supplies FIDO Server and New Open-source Component to Improve Upon Passwords and Their Ensuing Fraud Risk

CUPERTINO, Calif. – Aug. 28, 2018 – StrongKey announced today that it has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help retailers and e-commerce merchants reduce the risk of fraud by implementing multifactor authentication for risky transactions. This past year saw more than a 30 percent increase in e-commerce fraud attacks as online and mobile transactions continued to outpace brick-and-mortar stores. As a result, the NCCoE has just released a draft practice guide, NIST Special Publication 1800-17, Multifactor Authentication for E-Commerce.

This practice guide demonstrates how commercially available technologies like StrongKey CryptoEngine* can be integrated with existing web and mobile applications to enable strong authentication as well as receive transaction authorization using digital signatures to mitigate the risk of e-commerce fraud. The guide provides detailed instructions on how to accomplish these objectives.

StrongKey was chosen as a Technical Collaborator on the strength of its products and ability to contribute towards the completion of the project’s mission. The company contributed its FIDO® Certified server and created an open-source component, Magfido, demonstrating the use of FIDO-based strong authentication with Magento, the world’s most popular, open-source e-commerce platform.

Arshad Noor, CTO, StrongKey, said: “One of the primary causes of poor cybersecurity is the continued use of passwords, a 60-year-old technology, as the sole authentication mechanism for sensitive transactions and resources. FIDO Alliance protocols are an industry-wide attempt to eliminate passwords from the internet. StrongKey’s contributions to the industry, with its open-source FIDO server and the Magfido component, demonstrate how e-commerce companies may protect themselves and their customers from fraud.”

Bill Newhouse, NCCoE senior security engineer, said: “In today’s digital world, usernames and passwords are no longer sufficient to protect your identity when shopping online. We launched this project to help online retailers implement multifactor authentication to protect their customers’ identities and to help reduce e-commerce fraud. Multifactor authentication is a powerful tool—this guide provides step-by-step instructions on how to use it.” 

The NCCoE and StrongKey believe this guide helps meet a critical cybersecurity and economic need, but public comment is appreciated. Download the draft guide and provide feedback on the NCCoE comment page. The public comment period closes on October 22, 2018.

*While the example implementations use certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within their organization’s existing tools and infrastructure.

About StrongKey

StrongKey makes data breaches irrelevant by redefining how businesses and government agencies secure their information against the inevitability of a breach. While other security companies focus on protecting the perimeter, StrongKey secures the core through key management, strong authentication, encryption, and digital signatures—keeping the core safe even with an attacker on the network. Based in Silicon Valley, CA and Durham, NC, StrongKey (also known by our legal name, StrongAuth, Inc) has provided cryptographic security solutions for over 17 years and is trusted in mission-critical business operations by some of the largest companies in payment processing, e-commerce, healthcare, and finance. Learn more at

StrongKey is a member of the FIDO Alliance, a standards organization focused on making simpler and stronger authentication a reality on the internet.

For more information, please visit

PR contact:

Pashara Black