The Green Sheet Online Edition

December 26, 2016 • Issue 16:12:02

Multilayered authentication: challenges now, rewards later

By Evi Triantafyllides
PAAY LLC

Remember when payment authentication was as simple as signing a check, the validity of which was then confirmed by comparing it against … yet another signed document? The quest for a less error-prone procedure has led to dramatic leaps in precision, and the days of a single, simple authentication method are long gone.

With payment software development reaching unprecedented levels in the past years and a general evolution in the fintech space, authentication is shifting to entail accurate, sophisticated and multilayered procedures delivered by diverse players within the payments chain .

Multilayered authentication

Passwords, phone numbers, fingerprints, the name of your father's great, great grandfather ‒ your entire DNA string please. In an effort to categorize the various authentication techniques that have come about, the generally accepted, three-tiered classification system has emerged. It includes knowledge-based, ownership-based and inherence-based authentication, described as follows:

• Knowledge-based: Authentication of this type relies on a "secret" piece of information a user knows. Classic examples are PINs attached to chip cards that are required at international POS systems, passwords and personal details that can be answered as part of a "security questions" protocol. This type of authentication can be criticized on the basis that the information can be easily hacked, and providing it can be time consuming for consumers.
• Ownership-based: This is linked to something the customer owns. Even though ownership-based-authentication methods are safer since hacking cannot be done on a collective level, the drawback is that they are inconvenient for users, who always need to have the "authenticator" with them. Examples include showing a passport or using your mobile phone for a specific action; recent, more complex developments include QR codes and RSA tokens.
• Inherence-based: Often termed biometrics, this is the latest, most technologically advanced authentication. It entails a process whereby customers themselves are the authenticators. Ranging from fingerprints to face or voice identification, biometrics is steadily becoming the name of the game, with indications this trend will soon prevail. Tech and payment giants alike (examples being Apple Pay's fingerprint authorization and Mastercard's Selfie Pay) are heavily investing in such software. This trend is justified by the fact that inherent-based authentication is precise, as well as less erroneous, more difficult to compromise and less time consuming for consumers than other methods.

Multilayered authentication, which involves using more than one type of authentication, is expected to play a part in bringing today's proliferating data hacks to a standstill. Pairing different authentication types is becoming standard procedure, and two-factor authentication an industry buzzword.

Authentication in the larger payments picture

What does authentication mean in the grand scale of the payments arena? With MarketsandMarkets reporting a 19.7 percent annual increase in biometric authentication techniques, and with those expected to be valued at $10.8 billion by 2020, authentication is a space to pay attention to, and one that will shape the future of how payments are done.

Moving away from the archaic, straightforward signature model has proven to be multifaceted and clunky, with different authentication methods competing for legitimacy. While there is no way to predict which authentication methods will become the norm, the path toward sophisticated, manifold authentication is uncontestable.

Eventually, rising costs of technology investments and escalating fraud levels will reach their peaks. Monetary investments will start to scale, and return on investment will kick in, turning a double whammy of deficits into a double win of declining infrastructure costs and decreased fraud. Additionally, fraud liability will shift away from customers and merchants (who will now be doing their share by participating in authentication programs), and accountability will increasingly fall upon card brands, banks and the devisors of authentication programs.

Indeed, what now seems to be a messy mix of varied authentication tools should be appreciated as efforts towards securing a more profitable, protected payments future.

Evi Triantafyllides is the Marketing Director at PAAY, a software solution that qualifies e-commerce transactions at lower interchange rates and shifts liability for e-commerce fraud away from merchants, to the card issuers. Evi was the first full-time employee at PAAY. She is responsible for the company's marketing, and at the same time focuses on ISO relations and partnerships. Find out about PAAY at www.paay.co or reach out to her directly at evi@paay.co.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.