Authentication Gold Standard Balances Security and Utility

If payments make the world go ’round, authentication keeps it spinning.

As online interactions spread, and commerce goes digital, the critical role of authentication processes, protocols and innovations is growing more pronounced.

And knowing that identity is not the same thing as authentication is becoming equally important for organizations.

“Identification is the process of establishing the identity of an individual, while authentication verifies that the person is who they claim to be. And authentication provides a level of certainty that is very much use-case dependent,” Farhad Farzaneh, chief product officer at Trustly, told PYMNTS for the series “What’s Next in Payments: Authentication: What’s New and What’s Next?”

Authentication methods have evolved over time. Initially, authentication relied heavily on visual identification, such as matching a physical ID card to a person’s face.

As technology advanced, authentication became more reliant on what individuals know, such as passwords and personal information.

With the rise of online interactions, authentication has shifted toward multifactor authentication, combining what individuals know, have, and are, Farzaneh said.

“As technology advances, it also makes it easier to commit fraud. So, the methods of authentication have to also move with the technology,” he added.

Role of Biometrics and AI

Against the backdrop of technological advances and the need for secure ways of transacting, biometrics, particularly facial recognition, have become a prominent authentication method.

“Right now, we’re back a little bit again to a model of ‘what you are,’” Farzaneh said, speaking to the connection between the personal identity element of biometrics and the traditional process of establishing physical identity.

However, the emergence of synthetic visuals generated by artificial intelligence (AI) systems, such as deepfakes, poses new challenges that the authentication space must address.

Farzaneh highlighted a recent case where AI was used to create convincing dupes of a company’s executives on a video conference call, leading to a fraudulent, multimillion-dollar transaction.

The ability to create synthetic visuals “makes the multifactor approach even more important,” he said. “That combination [biometric authentication paired with validated ownership of a device], from a biometric standpoint, is crucial.”

Rapid advances, both in consumer behavior and in payments technology more broadly, have also exposed security holes in more traditional and legacy authentication measures, including the humble password.

Passwords have been a widely used authentication method, but their future is uncertain because bad actors can crack them more easily than they can bypass other authentication protocols.

Farzaneh, for his part, said he believes that passwords will continue to play a role for some time due to their universality and familiarity. However, the industry is moving toward passwordless solutions, such as password keys, which offer convenience and security. Still, even these solutions often have a password backup for fallback scenarios, he noted.

Need for Security, Convenience

“Authentication, as we said, is very much use-case dependent. It is tied to what the cost of fraud is,” Farzaneh said.

That’s why it is critical that authentication strike a balance between providing certainty and maintaining a seamless user experience.

Friction, in the form of additional authentication steps, can reinforce trust and legitimacy. However, excessive friction can lead to user dissatisfaction. Finding the optimal level of friction is crucial for effective authentication.

“The best payment is one where you’re not there at all. Because payments is not what the consumer wants to do. The consumer wants the goods, the transaction is between the merchant and the user. And payments is just a facilitation to make sure that contract is fulfilled,” explained Farzaneh, adding that authentication is the crucial facilitator enabling the payment that enables the contract.

That’s why, as the authentication landscape continues to evolve, it is crucial to prioritize user experience, security and adaptability.