Before the era of the Internet, payment authentication was as simple as requiring a signature on a paper check and matching it to a person’s driver license. Now, the process of proving, showing and determining that transactions are not fraudulent is much more difficult, and the responsibility falls on the consumers. After all, it is their information that they’re protecting, right?
The most obvious form of user authentication is the password. Unfortunately, as we pointed out in a past blog post, passwords are not 100 percent foolproof, and often, individuals and businesses have dozens of accounts but only stick to a few different words and phrases. In fact, it’s common for people to have around 25 login names on various websites for every five passwords they employ.
The current authentication climate
It’s clear that current authentication methods do not cut it in the digital world, but before fixing the problem, it’s important to look at the basics of these practices. Right now, there are three different forms of authentication:
- Knowledge: This is something that the consumer knows, such as a personal identification number (PIN), a password or personal questions (i.e. your mother’s maiden name).
- Ownership: This method of authentication relies on something that the customer possesses, including a credit card or driver’s license. MasterCard Biz noted that ownership authentication techniques are more secure than PINs and passwords because hacking on a grand scale is extremely difficult. However, this introduces inconveniences to the consumer.
- Inherence: The customers themselves are the authentication method in this regard, as it requires signatures, fingerprint scans, voice recognition and facial identification. According to the source, this would be the best of the three methods in terms of security and ease, yet it is not completely without challenges, as implementation of these systems would be expensive.
The future of authentication
To solve many of the problems associated with payment authentication, businesses have turned to multi-factor techniques. While some individuals may refer to two-factor authentication as multi, they would be incorrect largely because standard methods are just using single factor tactics twice, such as entering a password and being texted a one-use code. This introduces more hassle and no added security, especially if the device is already compromised.
Real multi-factor authentication is the combination of at least three of the basic forms – more than one method can be taken from a category. However, Kevin Michaluk of Crackberry explained on Androidcentral that multi-factor authentication in it’s current form is difficult, to put it politely, which is a huge hurdle to end-user adoption. Using passwords, PINs, smartcards and USB tokens can start to take a toll on the consumers, and sooner or later, they might just give up and move to cash. Furthermore, if a device is lost or stolen, all multi-factor bets are off.
The savior of biometrics
Despite the dislike for multi-factor authentication, a Markets and Markets report identified that the market for these technologies and applications is expanding at a compound annual growth rate of 19.7 percent, with it expected to be worth $10.8 billion by 2020. How is that possible? Biometrics.
Biometrics technology might seem like it’s been ripped from an action or sci-fi movie, but it’s real, and a very valuable tool for payment processing and authentication. This method would fall under the inherence category, as it requires the scanning of fingerprints, faces, eyes and voices. Biometrics aren’t too common yet, but with Apple Pay leveraging fingerprint collecting technology, it can catch on.
MasterCard Biz reported that biometrics can put to rest all of the multi-factor authentication worries. For one, fingerprints, irises and faces are unique, unlike passwords and PINs which could be guessed or devices and payment cards that can be stolen. Another benefit of authentication is that consumers always have the tools they need to complete transactions. Imagine a world where digital wallets aren’t required because customers can always confirm their identities with a biometrics scanner.
Finally, it’s nigh-on impossible to commit fraud with biometrics authentication, especially with multiple factors involved. The technology to replicate retinas or trick fingerprint scanners is not available yet.
The confirmed future
While biometric solutions offer a lot of benefits, the future of payment authentication still lies in multi-factor techniques. In a separate article on the MasterCard blog, the company reported that it is working on a mobile application for e-commerce environments in which consumers’ identities are identified with voice and facial recognition, and the results of combining the two expressed a successful verification rate of 98 percent.
The convenience of voice and facial recognition might be enough to inspire customers to start using these forms of payment authentication, and it could even be a great way to detect fraud. PYMTS.com reported that voice recognition tools can even detect fraudsters who have been “blacklisted” as they speak in real time.
The future of authentication is going to be multi-factored and biometric-based. This might be the only way to stay a step ahead of fraud and cybercrime, but businesses need to start by procuring the hardware and software to make this future a reality.
Is Your Business Secure?