Blog article
See all stories »

Smartphones, Strong Authentication and Cardholder Expectation

Brave New World

Would you believe, we still rely on fifteen-year-old technology for today's internet payment security? So much has changed in that time, the exciting news is we’re about to make a big leap, into a very different-looking future.

Internet shopping is no longer about a simple laptop or desktop browser. Consumers aren’t happy to be constrained, either by geographical location or device. They want to buy what they want, where and when they want – and with total security.

Borderless world

Browsing on my smartphone, I saw some cushions I liked on Pinterest. They weren’t available in the UK, so I ordered them from the US instead. It took roughly six minutes thinking nothing of it; no niggling fears about whether my card details are safe, click, click and cushions are on their way.

You don’t need to my story to realise that mobile devices will be the preferred device for internet shopping in the future.

The end of passwords

Not only are passwords old-fashioned and insufficiently secure, but they are also now out of line with consumers’ expectations. And we’re about to see an enormous change in the world of online payment security.

3D-Secure 2.0 changes everything

3D-Secure 2.0 is the new version of 3D-Secure 1.0 protocol. Now developed by EMVCo, the protocol does indeed change everything. The key difference lies in its support for mobile app integration. 3DSecure 1.0 wasn’t built with mobile purchasing in mind and struggles to integrate payment authentication on mobile devices smoothly.

3D-Secure 2.0 is going to address this and offer support for all apps, native, hybrid or web-based, as well as improved support for mobile browser purchasing. Also, EMVco has designed the protocol not only to be compatible with smartphones and PC's but also the internet of things; TV's, cars, echo boxes, etc. We'll see retailers find new exciting business models to leverage this technical capability.

Another remarkable thing about 3D-Secure 2.0 is the wealth of data it gathers in the process, which means risk screening and risk scoring can take place very early in the transaction. The new 3D Secure flow is more seamless to the customer and speeds up check-out time, due to its technical design you can find out more by visiting EMVco's website

Merchants and Banks, do need to make sure they are ready for this change. It’s not just a question of adapting to the devices in use today, but also the ones we’ll see in the future, too. 3D Secure 2.0. For banks have to think about secure authentication, as quickly as possible. We need to ‘future proof’ ourselves. So it’s goodbye to passwords and other static forms of authentication, and hello to new ways of authentication, such as biometric forms of ID – fingerprints, for example, and selfies.

Say cheese!

Authentication based on biometric technology has been greeted enthusiastically by consumers during trials (such as Mastercard’s Identity Check, currently being rolled out across twelve territories). Cardholders just take a picture of themselves and facial recognition technology does the rest. It does seem that in the future, what matters will not be ‘what you can remember’ but quite simply ‘who you are’.

Realistically this is an enormous change, moving from 100% static authentication. I see Banks looking for the perfect authentication solution. What Banks need to do is embrace multiple forms of authentication types to suit their diverse customer base, invest in systems that are highly flexible.

How can we be ready for this change?

Preparation, as The Body Coach Joe Wicks will tell you, is essential. The sooner Banks make a start on implementing secure authentication the better. Companies like CA Technologies can help find exactly the right solution for each Bank. There’s no ‘one size fits all’ approach. Of course, it will be challenging. Not all consumers have smartphones; not everyone will be ready to adopt new technologies straight away. The two protocols – 3D-Secure 1.0 and 2.0 – will co-exist for quite a while, indeed during the period 2017-2019, by the end of which the market will fully switch to 3D-Secure 2.0. So for this time it will be key to developing a flexible framework for different types of authentication.

There is absolutely no doubt that the future is going to look very different, but with the right support, and a head start on preparing for this, tomorrow looks brilliant indeed.

If you are considering your strong authentication strategy, I can offer you a wealth of knowledge and experience to help you shape your strong authentication roadmap.

Useful links:

EMVco's website


Comments: (0)

Now hiring