What Is Transaction Confirmation and How Does It Work?

The transaction confirmation describes the process of verifying that a financial transaction or a money transfer has been successfully completed.


Transaction Confirmation

The consensus among security experts is that usernames and passwords are not sufficient deterrents for fraudulent and illicit practices in the digital world. Particularly when it comes to data that is highly sensitive and targeted by cybercriminals. This is especially the case for financial data and credentials and bank accounts.

Transaction confirmation, which relies on FIDO authenticators (e.g. a mobile device or a token), is designed to add an extra layer of security by confirming that a transaction is legitimate and indeed authorised by the account or information holder. This is accomplished by requiring the proof of ownership of a private key before a transaction is carried out. That means, even if an account is hacked, no transactions can be performed without first passing additional levels of security.

Transaction confirmation can be used to confirm any manner of transactions, from the login process to actual transactions performed once a user has logged in (e.g. money transfers, payments, etc.).

Furthermore, transaction confirmation goes beyond simply authentication of the transaction itself. It can also be used to confirm whether:

  • the amount being transferred corresponds to the agreed upon amount.
  • the service provider or retailer is indeed who they claim to be.
  • the data being shared is in fact, the data that the user intended to share.
  • the user him/herself has granted third-party authorisation of a transaction.

This not only provides added security for consumers, users, retailers, and service providers, it also ensures adherence to various regulatory obligations, including the General Data Protection Regulation (GDPR) and the European PSD2 Directive.

Transaction confirmation is especially important for transactions that require the service provider or retailer to know, without a doubt, that the user has seen and agreed to certain information (e.g. proof of age verification etc.) and has provided consent for an action to be carried out (e.g. payment transactions).

Benefits of Transaction Confirmation

Transaction confirmation has numerous advantages that benefit both consumers and service providers. They also offer a more targeted layer of security to specific activities. This makes it possible not only to eliminate overtly criminal fraud, but also practices like friendly fraud. Here are a few reasons why service providers should consider transaction confirmation:

  • More control over the transaction process for consumers: Transaction confirmation gives consumers full control over their accounts and personal and financial data by simplifying the processes required to grant and revoke consent and modify any transactions.
  • Added transparency throughout the entire transaction process: Transaction confirmation provides users with full and comprehensive oversight of how, when, by whom, and for what purpose their data is being used.
  • Transfer traceability: Transaction confirmation ensures that there is a complete overview of all transactions, including information about the data or money transferred, as well as all individuals involved in the transaction process. Since transaction confirmation relies on authenticators, there is always cryptographic and unalterable proof of what was authorised and by whom. This is essential for auditing and compliance with regulations like the European PSD2 Directive.
    More information on PSD2 and PSD3 in our blog
  • Thwarting of hard-to-detect attacks: Cybercriminals use attacks like session hijacking and remote Trojans to create or manipulate transactions. As a result, customers may be deceived into paying an unknown third party or transferring a higher amount than intended. Since transaction confirmation prompts authorisation for each transaction by some user action, these types of attacks can almost be completely eliminated.
  • Reduced friendly fraud: Friendly fraud — when family members or friends make purchases without the credit cardholders permission OR when a consumer denies making a purchase — amounts to considerable financial losses for online retailers. Since transaction confirmation requires a unique authenticator to complete a transaction, it is impossible for a consumer to deny knowledge of a transaction after it has been completed.

How does Transaction Confirmation work?

As mentioned, transaction confirmation relies on FIDO authenticators to request proof of ownership of a private key before carrying out a transaction. How exactly does this work?

  • Transaction request: a user makes a transaction request (data or money transfer) to a service provider, application, or website.
  • FIDO authentication request: the service provider et al. requests confirmation of the transaction from the user in the form of an authenticator.
  • Provision of authenticator: the user (‘s device) shows proof of an authenticator (e.g. by responding to a challenge) to ensure that he/she has seen the transaction and provided consent for it to be performed.
  • Validation of authenticator: the service provider et al. validates the authenticator, and the transaction is performed.

FAQ about Transaction Confirmation

Why Is Transaction Confirmation Important?

orange-plus orange-minus

Transaction confirmation is important because it helps prevent double spending and other types of fraud. By verifying that a transaction has been completed and recorded in the general ledger, the confirmation process helps to ensure that the transaction cannot be reversed or altered.

Where Are Transaction Confirmations Used?

orange-plus orange-minus

Banking: Banks use transaction confirmations to confirm to their customers the successful completion of transfers and other financial transactions.

E-commerce: Online merchants use transaction confirmations to confirm the successful completion of orders and payments to their customers.

Cryptocurrencies: Cryptocurrencies such as Bitcoin use transaction confirmations to ensure that transactions have been properly completed and to prevent double-spending.

Insurance: Insurance companies use transaction confirmations to confirm the successful completion of insurance policies and payments to their customers.

Are Transaction Confirmations Secure?

orange-plus orange-minus

As a rule, transaction confirmations are secure if they come from a trusted source. A transaction confirmation is basically a confirmation that a transaction has taken place and that the corresponding funds have been debited from or transferred to an account.

If the confirmation comes from a reputable and trustworthy source, such as a reputable financial institution or a reputable online payment service, then the confirmation is usually safe and reliable in such a case.

What Role Does FIDO Play in Transaction Confirmations?

orange-plus orange-minus

"FIDO" is an acronym for "Fast Identity Online", a group of standards and protocols that provide secure and user-friendly authentication technologies. FIDO can play an important role in confirming transactions by providing strong, multi-step authentication based on a combination of biometrics and public keys.

FIDO authentication usually takes place in two steps: First, the user is asked to scan their biometric data, e.g. fingerprint or facial recognition, or to enter a PIN code. Then, a verification is carried out using a public key stored on the user's device to ensure that the user is actually authorised to carry out the transaction.

By using FIDO, users can quickly and easily confirm their identity while maintaining a high level of security. This can help prevent fraud and identity theft and increase the security of transactions.

For more details on the FIDO Privacy Principles, see our blog.