GBIC statement on the secure display of transaction data with the FIDO2 standard

The German Banking Industry Committee (GBIC) is pushing for an extension of the FIDO2 standard to ensure the secure display of transaction data. Currently, the standard only allows a hash value to be transmitted to the authenticator, but not the full transaction details. This poses a security risk, particularly in PC architectures, which is why GBIC proposes that the complete transaction data be transmitted directly to the authenticator and displayed there on a secure display. This would give users the opportunity to securely check the transaction details before confirmation. In addition, the authentication code should be linked to the displayed data to ensure the integrity of the transaction. Extending the specification to include a standardized interface for these functions is essential in order to adequately meet regulatory requirements and thus make the standard usable in the financial sector.
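The binding described above, sketched as an added example that is not part of the GBIC statement or the FIDO2 specification. HMAC-SHA256 stands in for the authenticator's signature, and the function names, key and transaction fields are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; HMAC-SHA256 is an assumed stand-in for the authenticator's signature.
DEVICE_KEY = b"constructed-demo-key"


def encode(txn: dict) -> bytes:
    """Canonical byte encoding so authenticator and bank process identical bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def confirm_hash_only(key: bytes, digest: bytes):
    """Current model: the authenticator receives only an opaque hash.
    It has nothing it could display, so the user reviews the data on the host."""
    return None, hmac.new(key, digest, hashlib.sha256).digest()


def confirm_full_data(key: bytes, txn_bytes: bytes):
    """Proposed model: the authenticator receives the full transaction data,
    renders it on its own display, and computes the code over those same bytes."""
    txn = json.loads(txn_bytes)
    shown = f"Pay {txn['amount']} {txn['currency']} to {txn['payee_iban']}"
    return shown, hmac.new(key, txn_bytes, hashlib.sha256).digest()


def bank_verify(key: bytes, txn: dict, code: bytes) -> bool:
    """Bank side: accept only if the code covers the transaction to be executed."""
    expected = hmac.new(key, encode(txn), hashlib.sha256).digest()
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    # Constructed sample transaction and a variant with a different payee.
    intended = {"amount": "120.00", "currency": "EUR", "payee_iban": "DE00 CONSTRUCTED 0001"}
    altered = dict(intended, payee_iban="DE00 CONSTRUCTED 9999")
    hash_shown, _ = confirm_hash_only(DEVICE_KEY, hashlib.sha256(encode(intended)).digest())
    shown, code = confirm_full_data(DEVICE_KEY, encode(intended))
    return {
        "hash_only_shown": hash_shown,  # nothing to display on the authenticator
        "shown": shown,                 # text derived from the bytes that were authenticated
        "intended_ok": bank_verify(DEVICE_KEY, intended, code),
        "altered_ok": bank_verify(DEVICE_KEY, altered, code),
    }


if __name__ == "__main__":
    print(demo())
```

Because the displayed text and the authentication code are derived from the same bytes inside the authenticator, a code issued for one set of transaction details does not verify for any other.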
GBIC recommendations FIDO 2

Contact
Diana Campar
Banking Technology and Security