In the world of cybersecurity, there’s no prize for being fashionably late with updates.
And in today’s evolving technology and authentication landscape, if organizations aren’t at the tip of the spear with their authentication protocols, they are likely on the receiving end of a fraud attack.
“It’s not just about having a strong defense against fraud, but also having an easy sign-on,” Olympe Leflambe, general counsel, legal, compliance and risk at Mangopay, told PYMNTS for the series “What’s Next in Payments: Authentication: What’s New and What’s Next?”
Leflambe highlighted the three fundamental factors of authentication: possession, knowledge and inherence.
Possession refers to something you have, such as a security token. Knowledge involves something you know, like a password or security question answer. Inherent factors are based on biometrics, including facial recognition, fingerprint scans or behavioral data unique to an individual.
Within the ever-changing authentication landscape, these factors have remained immutable pillars.
“These three factors need to be independent, so that if one of the three is compromised then the other one that the provider is using for strong customer authentication is not,” Leflambe said.
Additionally, she noted, technology neutrality is crucial to foster innovation while meeting the criteria of authentication.
Still, technology does not exist in a vacuum — particularly payments technology, which is highly regulated. And on the regulatory side, upcoming changes in the payments services directive (PSD3) are expected to broaden the scope of strong customer authentication.
Against this backdrop, Leflambe highlighted the increasing sophistication of scammers and the need for artificial intelligence (AI) solutions in authentication. AI can enhance inherent factors, such as biometric and behavioral data analysis.
“It’s not something that’s new or recent, but bad actors it seems always are on top of the technology developments,” she said.
Fortunately, “With the wealth of data that comes across digital channels, everything down to device level information, behavioral analytics, AI; there becomes the potential to really identify, and get a sense of how somebody does act online, or transact or interact with a company,” Leflambe said, clarifying the distinction between authentication and identification.
Identification verifies a person’s identity, while authentication focuses on confirming the legitimacy of a person’s actions or access to certain information. Authentication is primarily a fraud prevention measure rather than a means of verifying personal details.
Payment service providers have a broad view of customers’ transaction patterns, Leflambe said, allowing them to authenticate users across various platforms. Behavioral analytics play a crucial role in identifying unusual or suspicious activities, ensuring a seamless and secure experience for customers.
Friction, when used intelligently, can improve security and customer trust. However, Leflambe cautioned that friction alone is not a guarantee of success against fraud.
Striking a balance between customer centricity and anti-fraud measures is crucial. Data-driven approaches can help assess the impact of friction on conversion rates and fraud prevention, while also exploring alternative measures that do not introduce unnecessary friction.
For example, passwords, despite their limitations, continue to be prevalent in financial services. Leflambe attributed this to historical legacy and the challenge of finding feasible alternatives without introducing excessive friction. While technologies like fingerprint and facial recognition exist, their widespread adoption is still limited.
Authentication is an ever-evolving field, driven by technological advancements and regulatory frameworks. Looking ahead, Leflambe predicted that AI would play a role in authentication, leveraging sophisticated pattern recognition and behavioral data analysis.
“There’s an obligation of all payment services providers to monitor transactions and identify first what’s unusual, and then decide whether what’s unusual is also suspicious,” Leflambe said.
However, she also acknowledged the potential for fraudsters to exploit AI. It is essential to stay vigilant and leverage technology to combat fraud effectively.
“It would be dangerous to think because there’s strong customer authentication in place, then there can be no fraud or there is no fraud,” Leflambe said.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More