Delegated Authentication Helps Speed the Shift to Passwordless Future 

In a world where online commerce continues its inexorable rise, authentication and transaction processes have become more critical than ever.

Delegated authentication has the potential to revolutionize the way we prove ourselves online. However, several challenges need to be addressed before an optimal online commerce future can be realized.

According to Jonathan Van der Merwe, group lead product manager at Entersekt, one of the biggest stumbling blocks toward a passwordless future is the technological and behavioral hesitations that come with it.

Diverse Ecosystem, Several Stakeholders

“To get adoption of a new technology or even a new workflow, using the same technology sets but in different ways, is quite difficult because you need to have the orchestration work across all of these various ecosystem players,” he explained.

Van der Merwe suggests that moving away from static passwords toward one-time passwords (OTPs), in-app authentication and Fast IDentity Online (FIDO) is the way forward.

“Moving on to newer technologies like FIDO, which allows for federated authentication ID within the application that you’re using to authenticate yourself, is effectively using the application using your device, whether that’s a laptop, a PC, or a mobile device,” he told PYMNTS.

Another challenge is regulatory and compliance issues, which can slow down the pace of innovation in the industry.

However, Van der Merwe believes that delegated authentication — using a third party to authenticate the cardholder — is gaining currency as a potential solution. Describing the traditional process, he said: “Today, effectively when it comes to eCommerce authentication, the onus of authenticating the cardholder is on the issuer. So what the merchant does is it effectively breaks out to the card association and says, ‘Hey, I’ve got this cardholder. They want to perform a transaction on my merchant site.’”

Merchants are always looking for ways to enhance the customer experience, and delegated authentication is a process that allows merchants to authenticate the cardholder instead of relying on the issuer.

Positive Experience at the ‘Last Mile’

According to Van der Merwe, delegated authentication is effectively putting the last mile of the authentication experience into the hands of the merchant. He explains that this winds up benefiting merchants because a good experience at that “last mile” of interaction means fewer basket abandonments, which effectively end the interaction with frustration on the part of the cardholder and lost sales for the merchant.

Issuers need to implement the same level of rigor and security as they have been doing for the last 20 years to ensure the safety of their customers’ information. Additionally, issuers accept liability shifts in delegated authentication, meaning they will be responsible for any fraud that occurs during the transaction.

Van der Merwe believes that biometrics can provide a level of proof that is useful in delegated authentication, but it is not enough on its own.

Biometrics removes the need for a second factor such as an OTP, making the process much smoother. By using the native browser and interface that the user is familiar with, biometrics creates a sense of trust and familiarity that is essential for a successful transaction.

“Nobody wants a very friction-filled payment experience. Once you start adding in barriers and hoops and jumps that you have to do in order to authenticate a payment, the opportunity to abandon the payment dramatically increases,” Van der Merwe said.

He explained that with delegated authentication, the issuer is going to accept liability shifts, and if anything goes wrong with that transaction, the issuer is going to have to foot the bill for that fraud. This is where Secure Payment Confirmation (SPC) comes in: it gives the experience of the challenge to the merchant while allowing the issuer to generate proof of authentication.

FIDO technology takes the frictionless aspect of biometrics to the next level by creating a built-in experience that users already trust. While a passwordless future may still be aspirational, biometrics is a step in the right direction. “Once you start using technologies like FIDO, where that is getting delivered from the native experience of the browser, it reduces the friction even more by creating this built-in experience that users already trust,” Van der Merwe said.

Van der Merwe emphasizes that the future of transactions will involve a choice between privacy and speed. “If you’re doing a payment and being a bit more private about what you’re purchasing or on the website that you’re browsing, you’re going to want to have the confidence of authenticating that type of transaction,” he said, adding that “on the other hand, if you’re performing your daily task, you’re just buying your shopping online, it might be groceries that you want to have delivered to your door. You’re not too worried about the data that you’re sharing, and actually, the thing that you’re after is speed.”

Van der Merwe also posits that artificial intelligence (AI) and big data risk models will play a critical role in identifying users and reducing friction in transactions.

“In a not-too-distant future, two to three years from now, we should see 80% of all transactions being performed frictionlessly but at the same time being authenticated,” he said. “And together with things like AI and big data risk models, we’ll be able to identify without any additional input, without any additional user authentication, we’ll be able to identify that, ‘This is Jonathan — and this is Jonathan performing his daily grocery shopping.’”