As the saying goes, “Where there’s a will, there’s a way.” However, summoning up the will can be difficult, as inertia is a powerful force. We are reminded of this every day when we type in a password to access our computers, online shopping accounts or to make a payment.
Given that World Password Day was this week, it’s timely to acknowledge the computer password is over 50 years old — invented by Fernando Corbato in the 1960s. Since then, other ways for consumers to authenticate their identity have been developed.
However, traditional methods of entering a password, mother’s maiden name, high school mascot or other types of knowledge-based authentication have frustrated even the most patient consumers when the information is forgotten, stolen or has to be typed onto tiny keyboards. More important, there are more secure ways to verify who you are.
The payment industry can move away from passwords in the next five years. Advancements in authentication and anti-fraud technologies are already making static cardholder verification (CVM) methods such as signature and PINs safely optional for merchants and issuers in some environments.
In October 2018, signature became optional for EMV chip-enabled merchants on the Visa payment network due to the security capabilities of the chip. Financial institutions and merchants can also share 10 times more data with each other than ever before for advanced risk-based decision-making to authenticate buyers from any connected device or app, often without asking the consumer to do anything at all. And the growing sophistication of artificial intelligence is making fraud detection faster and more accurate, which opens up new possibilities for new products and services because of consumer confidence in secure payments.
As the ecosystem evolves to be more secure, we can reduce or eliminate the use of legacy verification methods as we continue to implement capabilities that leverage artificial intelligence and biometrics.
Biometrics is an authentication strategy that fits the modern payment system, a system shifting in transaction volume from in-person to digital transactions. Biometric authentication can deliver a frictionless payment experience for account holders while providing advanced authentication security and identity management for merchants, issuers and acquirers to prevent fraud.
A
For security-minded individuals, mobile device manufacturers have addressed concerns about stolen biometric information by storing and encrypting biometric templates — algorithmic representations instead of actual biometric attributes — locally on consumer-owned devices instead of the cloud. This ensures an individual is always in possession of their personal biometric data with the option to delete the data at any time. In addition, authentication accuracy is bolstered by liveness detection used by biometric scanners and software that can identify if a fingerprint is copied or a facial scan is of a mask.
It's been roughly six years since fingerprint sensors were integrated into consumer smartphones and in this short amount of time, consumers have grown increasingly comfortable with the approach. The need for quick and easy authentication will only increase with the growth of digital products and services, and remembering unique passwords for every Internet connected device or app is untenable. Moving your product or service away from using passwords to some form of biometric authentication is not only imperative — it can be effectively done today.
There are some tips for this migration. Consumers should be told to switch to biometric authentication. Physical biometrics are much more difficult to replicate. Criminals would also have to take the extra step of stealing a hardware device in order to commit payment fraud. Many mobile devices and apps offer users the option to switch to biometrics to verify identity or make a purchase.
No solution is 100% foolproof, and alerts are a good safeguard in case login credentials are compromised. If switching over to biometrics isn’t an option, consumers should be told to use a password manager from a reputable solution provider to store the passwords for online accounts. Some password managers also help generate strong, complex passwords.
