The way in which consumers verify their identity online is rapidly changing, a development being driven forward by biometric data. Carlos Häuser, MD at MEF Member Wirecard Technologies explains.
Consumers should probably not be too surprised if they soon find themselves being addressed as follows: “Dear customer, please turn on your webcam and have your ID at the ready. We will shortly conduct a brief ID check”. This kind of procedure may, for example, be introduced for opening an online account in order to verify a customer’s identity, thereby making the personal signature a thing of the past.
But what does this trend mean for customers, online merchants and banks who, up until now, have traditionally used passwords and signatures? Moreover, how safe are these new means of identification?
The European Banking Authority has stated that online merchants will require two mutually independent customer identifiers before accepting payment in the future. Directives such as the Secure Pay Directive (PSD II) demonstrate the European Commission’s commitment to making cross-border payments quicker and safer, while also reducing the risk to the end customer.
The fact is that traditional passwords are increasingly being replaced by new means of authentication. One of the reasons for this is that customer identification has become one of the most important aspects of payment processing. In case of doubt, it offers more effective protection against fraud than a credit check, as this will only rarely detect if a customer’s identity has been falsified. In contrast, modern means of authentication are able to do this.
The boom in m-commerce is driving the acceptance of biometric data
It is for this exact reason that measures are being put in place which go further than conventional password authentication. It is very likely that biometric data will become more important as a result of the strong growth in the m-commerce market. Consulting firm Acuity Market Intelligence recently stated that they expect biometric data to be integrated into approximately 65% of all m‑commerce transactions by 2020. Furthermore, a global study conducted by Mobey Forum showed that 22% of banks already use some form of biometric data for the purpose of authentication, while a further 65% plan to introduce this type of service in the future.
Initial studies have shown, for example, that the use of fingerprint sensors increases user‑friendliness. This involves customers quickly using the fingerprint recognition service on their smartphone to confirm a mobile transaction. Scanners have now become relatively cheap and simple to install, meaning that they can be integrated into different payment channels, for example point of sale terminals or ATMs, thereby increasing the recognition factor within the context of financial transactions.
On account of their great potential, further biometric identification measures are currently being discussed, for example heartbeat authentication, although it will admittedly take a while for identification methods such as these to become reality, let alone accepted. However, in the future, further “multi-modal” means of biometric identification are expected – that is to say, processes which react to a combination of biometric sensors as a security feature. These range from face and iris recognition to keystroke dynamics.
EU commitment to making cross-border payments quicker and safer
The European Banking Authority (EBA) has stated that online merchants will require two mutually independent customer identifiers before accepting payment in the future. Directives such as the Secure Pay Directive (PSD II) demonstrate the European Commission’s commitment to making cross-border payments quicker and safer, while also reducing the risk to the end customer. Linked to this is an effective method of combating data theft and abuse. This is known as two-factor authentication.
This involves the user being asked for specific identifiers and the combination of two differing communication channels. For example, a customer may be asked only for their card number and CVC code online. They then, by way of a second level of security, receive a one-time password or verification code delivered via SMS to their smartphone, which they then use to confirm the transaction. Additional biometric identifiers or the use of (hardware) tokens are also possibilities. Ensuring a simple and brief form of media disruption is involved in the payment process makes it much harder for hackers to attack, without compromising its customer-friendly nature.
Obviously there are some critics who fear that surplus data will be stored alongside the electronically captured personal, physical and behavioural data. Additional information may relate to a person’s character, their health or ethnic background.
This means that all users of biometric identification methods are obliged not to pass on the respective data to any third parties. Confidential data must also be deleted immediately after it is no longer relevant for its original, stipulated use. The European Commission will therefore be required to issue directives aimed at ensuring mass suitability of new security measures.
Biometric identification methods can increase the acceptance and use of electronic payments such as mobile payments around the world. The use of fingerprint sensors improves user-friendliness. For example, a user can quickly enter information without the need to remember a PIN, password or a swipe pattern. At the same time, the function increases the customer’s sense of security, because a mobile payment can only be made once a fingerprint reading has been approved. These are decisive factors in the acceptance of all new electronic payment methods.
This post originally appeared on the Wirecard Blog and is reused with kind permission.