Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Multifactor Authentication for E-Commerce: NIST Publishes Cybersecurity Practice Guide SP 1800-17
NIST has published Cybersecurity Practice Guide Special Publication (SP) 1800-17, "Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers"
As retailers in the United States have adopted chip-and-signature and chip-and-PIN (personal identification number) point-of-sale security measures, there have been increases in fraudulent online card-not-present electronic commerce (e-commerce) transactions.
The National Cybersecurity Center of Excellence (NCCoE) at NIST built and documented a security architecture that demonstrates implementations of multifactor authentication (MFA) for consumers who shop online and for e-commerce platform administrators who operate the systems. The NCCoE also implemented a logging and reporting dashboard to display authentication-related system activity for the security architecture.
This new Cybersecurity Practice Guide, NIST Special Publication (SP) 1800-17, demonstrates how online retailers can implement open, standards-based technologies to enable Universal Second Factor (U2F) authentication by consumers at the time of purchase when risk thresholds are exceeded. The example implementations outlined in the guide encourage online retailers to adopt effective MFA implementations by using standard components and custom applications that are composed of open‑source and commercially available components.