The internet and mobile economy have been going through a boom in the last few years. As a result, the online identity authentication industry is growing and evolving quickly.
Effective identity verification continues to be one of the greatest challenges facing business owners, payment providers, and card issuers. There are simply more risks online now.
This is at the same time that online retail sales are expected to reach a record $2.48 trillion in 2018. This is a more than 13% increase from last year. Now, instances of fraud are increasing at an even faster rate.
On one hand, there needs to be more security in online transactions. On the other hand, these security measures can't impede the customer experience too much. Even a small disturbance to the customer experience can cause huge losses in sales.
In facing these challenges, here are the biggest trends going forward.
3D Secure 2 (3DS2)
The “3D” stands for the 3 domains of online payment:
-Issuer Domain (Bank issuing the card)
-Acquirer Domain (The merchant's bank)
-Interoperability Domain (The payment processor)
These domains are the backbone of the 3-Domains-Secure protocol. The original 3DS1 was among the first online verification measures. It uses simple but effective methods, such as static passwords to avoid fraud. It was released in 2000 and has enjoyed widespread
3DS2 is the second version of the 3D secure protocol. It comes with greater security while addressing the shortcomings of its predecessor.
The 3DS2 protocol tackles cart abandonment and mobile inconveniences. This keeps customers from giving up on a payment due to frustration, a massive problem with 3DS1.
Further, 3D Secure is the only protocol to offer liability shift from the merchant to the issuer in case of chargebacks. A chargeback occurs when a cardholder reports to their issuing bank that their credit card has been fraudulently used. Liability shift
was available in 3DS1, and will continue to protect merchants against chargebacks in 3DS2.
Expect 3DS2 to become much more popular going forward.
Behavioral analytics is already a popular tool for merchants. Behavioral analytics allows merchants to learn to detect fraud. It does this by using a database of thousands of unique data points during return visits.
This data can be collected fairly easily. All it takes is an application.
The data can also be used to build user profiles for each customer. New or abnormal behaviors can be automatically assessed based on how erratic their behavior is.
Of course, it is impossible for anyone to behave the same way online all the time. There are many options for how behavioral analysis can be applied, and it is still a work in progress. Going forward, behavioral analytics should improve and become more popular.
Risk-based authentication is being applied with big data and machine learning. The risk-based authentication process starts with massive volumes of information being collected. Machine learning helps analyze this data and use it to assign every transaction
a "risk score".
The factors that are used to assess risk vary. For example, a constantly changing IP address, or an abnormally large purchase.
Risk-based authentication solutions have proven to be very accurate. Some companies report a 90% reduction in fraud as a result according to Mastercard.
Passwords are among the oldest method of authentication in history. They remain very popular, and for good reason. They are simple and somewhat effective at deterring fraud.
The problem is that they are also fairly easy for cybercriminals to steal. 37% of customers report that they change passwords less than once a year.
On top of being ineffective at stopping fraud, static passwords also hinder the customer experience. They add more friction to the payment process, especially in the case that a customer forgets their username or password.
As a method of security and customer experience, static passwords will continue to prove ineffective.
Address Verification Systems (AVS)
Address verification is more a fraud prevention measure than an authentication tool. It allows merchants to compare the billing address and card address of the customer. Once the process is complete, the merchant can see how closely each address matches.
The merchant can use the information gained using an AVS to decide whether to complete the transaction.
These verification systems have a few problems. First, they only verify the address of the customer. If a fraudster has access to a victim's card, they will likely have access to their billing address as well.
These systems are also unpopular outside the US, so they are a bad option for international transactions.
AVS will continue to lack in effectiveness when compared to other measures.
Biometrics, mainly fingerprint authentication, is regarded as the most effective standalone authentication measure.
Biometrics such as fingerprint and retina scans are easy to conduct from many smartphones. While they are not universally available to most customers, biometrics are an excellent authentication option.
Biometrics are seamless. They are fast and do not require effort on the customer's part. They do not need to remember anything.
It is also difficult to copy someone's biological features.
The biometrics industry is expected to increase massively in the coming years. It is expected to be a $30 billion industry by 2021 and 93% of customers state a preference for biometric authentication.
Multifactor authentication involves a multi-step process. One example is a knowledge check (security questions). Other options are single-use passwords sent to your mobile or email. Biometrics is another option that is often included.
This option offers a very high level of security at the cost of annoying the customer. 74% of businesses using multifactor authentication report complaints from their customers.
Geolocation authentication involves using the location of the user's device to authenticate them. If the user's card is registered in one country but used in another, the transaction may be blocked by the issuer.
The growing popularity of international travel and VPNs present a challenge to geolocation. Geolocation also doesn't verify the actual user during the transaction.
Despite these issues, geolocation is a generally nonintrusive and accurate fraud prevention tool.
Due to high demand, there is now a high supply of authentication tools available. While they all have their pros and cons, they must each be considered on their own merits. There is a fine line that must be walked between security and customer experience.
All things considered, the only technology that clearly meets the challenge is the 3DS2 protocol. It effectively incorporates all these aspects into one robust solution. It offers a high level of security without ruining the customer's experience.