Moving Target: Payments Dynamics Complicate Authentication Picture

Payments increasingly exist and occur across a multifaceted, ever-evolving digital terrain.

What this means is that a digital payment is never just a payment — it is a combination of contexts and identities, each of which needs to be anchored by an authentication protocol for the transaction to be settled between the two, at a minimum, parties.

As the world of payments becomes more electronic, authentication methods are evolving to keep up with the increasing complexity of customer identity verification.

“Authentication is a constantly moving bullet,” Shaunt Sarkissian, founder and CEO of AI-ID, tells PYMNTS for the series “What’s Next in Payments: Authentication: What’s New and What’s Next?

“And where the payment starts and stops, and where the authentication begins, is melding into the same process,” Sarkissian explains. “… Doing an online transaction is more authentication these days than it is payment.”

Authentication is the process of confirming a customer’s identity through various factors such as knowledge, inference, ownership and user location.

The concept of multifactor authentication has gained prominence, combining traditional methods with invisible authentication techniques. These invisible methods analyze background data without the customer’s knowledge, creating a more effective and secure authentication process.

“It is no longer just a password with a PIN,” Sarkissian says.

Dynamic Landscape of Authentication

As technology evolves, so too must the methods employed to verify and secure online transactions.

In the past, IP addresses were used to authenticate customers, but this method has become less reliable.

“We’re now moving to a world of one consumer, multiple devices, multiple channels — and the ways that we used to authenticate a customer … all goes out the window,” Sarkissian says.

Additionally, false positives, where a legitimate customer is mistakenly rejected, are a concern for merchants. To address these challenges, a different set of authentication methods and approaches are required for each customer, ensuring a balance between security and a seamless user experience, Sarkissian says, explaining that the “biggest concern any merchant has is kicking out a good customer.”

Passwords have long been the primary method of authentication, but the reliance upon them is gradually shifting. Sarkissian says customers have become accustomed to one-click checkouts and simple authentication processes, leading to the adoption of invisible authentication methods. These methods work behind the scenes, providing additional security without adding visible friction to the user experience.

However, passwords, for their part, do give customers a sense of ownership and control over their security.

Passwords and the Need for Change

Injecting the right amount of friction into the authentication process is crucial. Sarkissian suggests front-loading the authentication process during onboarding and when storing card details. This reduces friction during subsequent logins and transactions, providing a seamless experience for customers. Technologies like Apple Pay and credential cash wallets play an important role in reducing friction by authenticating customers ahead of time.

“Fear of friction always exists,” Sarkissian explains. “… We’ve had to adapt and make sure that we don’t create an arduous authentication process. Many times, it looks like companies are just relying on only a password, but many times they’re not.”

Several advanced technologies are shaping the future of authentication. Biometrics, such as touch or visual recognition, provide a front-end authentication anchor. Passive methods, like device fingerprinting and profiling, create quasi-anonymous user profiles to assess the authenticity of a customer, while hardware-based authentication offers additional security measures, Sarkissian says.

These technologies, when combined, create a robust authentication process, ensuring a higher level of security for customers.

Still, Sarkissian remains skeptical that the payments and financial services industry will ever move to a passwordless future.

He says he believes that passwords will continue to have value, as they provide customers with a sense of control over their security. However, the future may see passwords becoming less visible, with a deeper focus on invisible and passive authentication methods. The industry will continue to evolve, exploring new forms of authentication, such as biometrics and hardware-based solutions.

“The more you trust one factor of authentication, the greater the risk — you always need to have multiple facets, and those facets will also be changing,” Sarkissian says.