With the holiday shopping season behind us, most shoppers can probably say with confidence that the worst part of the whole experience was trying to remember passwords for the eCommerce sites they shopped.
It’s not just the holiday season, either.
A recent study by Visa showed that, unsurprisingly, consumers are ready to say goodbye and good riddance to passwords, both because of the friction they create when trying to remember them – and the inevitable stutter step that the “forgot password” prompt creates – and because in the aftermath of the Equifax breach, the public has never been more conscious of how far passwords fall short in preventing fraud and keeping their data secure.
“Everyone knows they have to move away from knowledge-based authentication,” said Mark Nelsen, Visa's SVP of risk products and business intelligence. “It’s not sustainable.”
However, despite consumer and issuer enthusiasm for more secure authentication technology, industry movement around what consumers say they want instead – biometric authentication – has been slower to get off the ground than everyone would like. A lack of understanding of how to integrate and use this new technology within their financial institutions – and then what it will take in terms of cost and manpower to implement it – may be to blame, Nelsen said.
In a recent interview with Karen Webster, Nelsen explained where he’s starting to see momentum building – and how he views Visa’s role in helping issuers accelerate the journey to deploying a technology that all players across the payments ecosystem, especially consumers, are ready to embrace.
Getting Comfortable With Biometrics
Nelsen acknowledged that issuers and merchants have no higher priority than keeping consumer account credentials safe and in securing the transactions in which they are used. But knowing where to start, in the face of so many options for securing customer account data, can be complicated. So too, Nelsen said, is knowing how to align point fraud solutions at an issuer who now sees the value of taking a holistic – and enterprise-grade – approach to delivering a great consumer experience across all touchpoints with the bank: the retail bank, online and mobile channels, and payments.
As attractive as the prospect of having a single, enterprise-scale authentication platform can seem to an issuer, Nelsen said that it also becomes a little bit like boiling the ocean: “It’s a good long-term vision, but hard to get off the ground in practice.”
It was one of the big drivers, Nelsen said, behind the development of Visa ID Intelligence. Nelsen said that ID Intelligence is an ecosystem of authentication solutions to which issuers connect via a single API. Not only does ID Intelligence make a portfolio of vetted solution providers available to issuers, Nelsen said, it streamlines the integration of those solutions within the issuer’s environment. Solution providers assume the burden of integrating with Visa’s ID Intelligence API, enabling issuers to do a single integration. That, Nelsen said, makes the notion of a holistic and enterprise-grade authentication solution across all issuer touchpoints a little less daunting.
And more suitable to getting pilots off the ground, so that issuers can start to experiment with how to use biometrics in a way that adds value for their customers and their institutions.
Greasing The Gears
According to Nelsen, one of the areas in which he’s seen issuers express growing interest in getting biometric authentication pilots off the ground is account origination.
When you look at the stats, it’s not hard to see why.
Over the last four years, Nelsen said there’s been an enormous increase in credit applications – a healthy portion of which are from fraudsters who’ve stolen legitimate credentials and have attempted to use them to open new accounts. Banks now recognize that the best way to combat new account fraud is to put knowledge-based authentication in their rearview mirror, in favor of using tools like identity documents and device data to help determine whether an identity is legitimate, stolen or synthetic.
Three years ago, said Nelsen, the payments world wasn’t ready for biometric authentication. Now, consumers are used to – and comfortable with – such biometric authentication as Touch ID, and even Selfie Pay – and are impatiently waiting for the payments ecosystem to provide an authentication solution that makes passwords a relic of payments authentication history.
It’s a nudge that Nelsen said has become a call to action for issuers to do more to protect consumer data.
“Authentication and protecting consumer data is at the level it needs to be across the entire bank,” said Nelsen.
Like most things in payments, change on this scale can’t and won’t happen overnight, but the wheels of progress are starting to turn. Nelson said that’s why Visa felt it was so important to make it easy for issuers and merchants to quickly connect their systems to proven authentication technologies using Visa ID Intelligence. It’s one way, he said, to give them a running head start on keeping customer data secure, while simplifying the process of giving consumers the authentication methods they want.