What’s Next in Payments Report

Rising Fraud Concerns Lead Payment Executives’ Conversations on Authentication

March 2024

Fraud is rising, and banks and merchants must be more vigilant about ensuring that the party on the other side of the transaction is who they say they are. Nine executives told PYMNTS that AI, biometrics and data sharing are “what’s next and what’s new” in authentication.

More consumer-facing commerce and B2B transactions are moving online, and merchants and FIs must re-examine their security and authentication protocols.
There’s room for advanced technologies such as biometrics and AI to be used as tools in multi-factor authentication.
The key challenge remains the balancing act between friction and a seamless user experience.


Register for Unlimited Access
Fill in the form below for free unlimited access to all our Trackers and Studies.

Thank you for registering. Please confirm your email to view all our Trackers.

    yesSubscribe to our daily newsletter, PYMNTS Today
    By completing this form, I have read and acknowledged the terms and conditions.


     
     
    The pandemic forever altered the payments landscape — moving all sorts of transactions and interactions online. In the process, the anonymity of digital commerce has given fraudsters deep cover — making authentication more essential.

    What’s Changing

    The rise of all manner of tech-enabled schemes, with the dark web offering up sensitive data for the bad actors to purchase and artificial intelligence in the mix, means that authentication is more important than ever.

    Across a series of interviews as part of the “What’s Next in Payments” series, PYMNTS asked what’s new and next in authentication. Passwords may take a while to recede, but the space is rapidly evolving. In the recently-concluded series of the same name, we gleaned insights and a roadmap from nine executives on the frontlines of waging the war against fraudsters.

    Jim Colassano, senior vice president and business product manager for the RTP® Network at The Clearing House said, “Compromises and data breaches are occurring more frequently than we would ever want them to. And once someone gets access to your password, it opens and unlocks a whole different set of opportunities for them, especially if you use that same password on different sites.”

    We are well past the age when passwords have been enough alone to ascertain that someone is who they say they are, or a few security questions give an additional line of defense.

    The Ultimate Goal of Authentication

    Siddharth Vijayakrishnan, senior vice president of product and financial intelligence at FIS Platform and Enterprise Products, said that ideally, authentication should be a “lightweight” endeavor, tied to the act of proving that someone is who they say they are again and again as they move through various digital channels.

    “They want to get into, and out of, an application as quickly as possible,” Vijayakrishnan said.

    “What you want is a system that is designed to let in good actors as easily as possible, and that presents enough of a barrier to deter bad actors,” he added.

    Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS that a few key overarching themes that govern authentication revolve around three tenets: something the user knows (passwords); something the user has (cards or phones); and something the user is (biometrics like fingerprints or facial recognition).

    The Authentication Challenge

    The executives we queried noted an ever-present challenge: The balancing act between security and speed, between caution and convenience.
    “Authentication is a constantly moving bullet,” said Shaunt Sarkissian, founder and CEO of AI-ID.

    “Fear of friction always exists,” Sarkissian observed, adding that stakeholders have “had to adapt and make sure that we don’t create an arduous authentication process. Many times, it looks like companies are just relying on only a password, but many times they’re not.”

    The ubiquity of the handheld device, our executives said, has made it easier to bring biometrics into the fraud-fighting authentication toolkit — and to, in Sarkissian’s telling of it, provide a line of defense at the front end of the interplay between individuals and enterprises.

    Data-Rich Defenses

    Lisa McFarland, executive vice president and chief product officer at Ingo Payments, told PYMNTS a multi-dimensional approach “can offer sufficient credentials to get to a level of certainty for a given transaction.” That multifactor approach can include device-level analytics, including geolocation.

    The use of tech and analytics extends well beyond consumer-facing commerce.

    Jim McCarthy, CEO of Thredd, said commercial commerce must also meet the challenges of authentication. The pain points and vulnerabilities are especially acute with onboarded businesses.

    “The answer lies with data,” he said.

    Once a firm onboards a merchant onto a platform, it is critical to look at data and share that data across the ecosystem — the velocity, types of transactions, where the money is coming from and where it is flowing, he said.

    Kyle King, director of product management at NCR Voyix, said financial institutions now include three or even four factors in decisioning and added that continuous verification and even a bit of friction — which can cement trust from consumers making high-dollar transactions — are key to enhanced security and user experience.

    Consumers “want to see friction, even if it’s just a popup saying, ‘Hey, we have already validated you using behavioral biometrics or location data, and we are good to proceed,’” said King.

    “The intersection of technology and unique identification should be constant throughout the experience,” he added.

    Olympe Leflambe, general counsel, legal, compliance and risk at Mangopay, added that the various authenticating factors “need to be independent, so that if one of the three is compromised, then the other one that the provider is using for strong customer authentication is not.”

    And as Farhad Farzaneh, chief product officer at Trustly, told PYMNTS: “As technology advances, it also makes it easier to commit fraud. So, the methods of authentication have to also move with the technology.”

    “The best payment is one where you’re not there at all,” he said. “Because payments is not what the consumer wants to do. The consumer wants the goods, the transaction is between the merchant and the user. And payments is just a facilitation to make sure that contract is fulfilled.”

    About

    PYMNTS INTELLIGENCE

    PYMNTS Intelligence is a leading global data and analytics platform that uses proprietary data and methods to provide actionable insights on what’s now and what’s next in payments, commerce and the digital economy. Its team of data scientists include leading economists, econometricians, survey experts, financial analysts and marketing scientists with deep experience in the application of data to the issues that define the future of the digital transformation of the global economy. This multi-lingual team has conducted original data collection and analysis in more than three dozen global markets for some of the world’s leading publicly traded and privately held firms.

    We are interested in your feedback on this report. If you have questions or comments, or if you would like to subscribe to this report, please email us at feedback@pymnts.com.

    Disclaimer

    The What’s Next in Payments Series may be updated periodically. While reasonable efforts are made to keep the content accurate and up to date, PYMNTS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE CORRECTNESS, ACCURACY, COMPLETENESS, ADEQUACY, OR RELIABILITY OF OR THE USE OF OR RESULTS THAT MAY BE GENERATED FROM THE USE OF THE INFORMATION OR THAT THE CONTENT WILL SATISFY YOUR REQUIREMENTS OR EXPECTATIONS. THE CONTENT IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE CONTENT IS AT YOUR SOLE RISK. PYMNTS SHALL HAVE NO LIABILITY FOR ANY INTERRUPTIONS IN THE CONTENT THAT IS PROVIDED AND DISCLAIMS ALL WARRANTIES WITH REGARD TO THE CONTENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT AND TITLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, AND, IN SUCH CASES, THE STATED EX CLUSIONS DO NOT APPLY. PYMNTS RESERVES THE RIGHT AND SHOULD NOT BE LIABLE SHOULD IT EXERCISE ITS RIGHT TO MODIFY, INTERRUPT, OR DISCONTINUE THE AVAILABILITY OF THE CONTENT OR ANY COMPONENT OF IT WITH OR WITHOUT NOTICE.
    PYMNTS SHALL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER, AND, IN PARTICULAR, SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAM AGES, OR DAMAGES FOR LOST PROFITS, LOSS OF REVENUE, OR LOSS OF USE, ARISING OUT OF OR RELATED TO THE CONTENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, NEGLIGENCE, TORT, UNDER STATUTE, IN EQUITY, AT LAW, OR OTHERWISE, EVEN IF PYMNTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME JURISDICTIONS DO NOT ALLOW FOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, AND IN SUCH CASES SOME OF THE ABOVE LIMITATIONS DO NOT APPLY. THE ABOVE DISCLAIMERS AND LIMITATIONS ARE PROVIDED BY PYMNTS AND ITS PARENTS, AFFILIATED AND RELATED COMPANIES, CONTRACTORS, AND SPONSORS, AND EACH OF ITS RESPECTIVE DIRECTORS, OFFICERS, MEMBERS, EMPLOYEES, AGENTS, CONTENT COMPONENT PROVIDERS, LICENSORS, AND ADVISERS.
    Components of the content original to and the compilation produced by PYMNTS is the property of PYMNTS and cannot be reproduced without its prior written permission.