The methods by which we authenticate payments are changing

Last updated: 31 October 2019

Financial services built on vast global technology networks are bringing their innovation into the consumer space at a rapid rate. Over the past few years, we’ve seen an explosion of banking apps, contactless cards, mobile payments—and in the States they even finally introduced EMV cards!

This innovation is changing the shape of banking. Not a day goes by without new ideas like Banking as a Service popping-up, someone predicting the death of the branch, or that fintech is going to decimate the banker workforce.

For the consumer this is an exciting time, with many new services vying for attention. Of course, one of the trickiest parts of any new service is convincing users to trust in the new technology.

That’s why firms are going to great lengths to assure people that security is top of mind. Last week, we wrote about how Amazon could potentially launch a pay by selfie feature that uses facial recognition to authenticate you are who you say you are.

This is the question that many payment solutions are trying to solve. Card not present (CNP) fraud is certainly on the rise in ecommerce, and so companies have moved to find new ways to confirm the identity of the person making the purchase.

One option is the new Dynamic Code Verification (DCV) method where the three-digit code on the back of your card changes every 20 minutes. So if someone steals your account details from a website, or you inadvertently let someone obtain them, they won’t be able to make any future purchases as the code on the back will be incorrect. This simple change means you have to have your card (or companion DCV app) with you when you make a purchase, something that could make a significant dent in CNP fraud.

There are other options too such as the growing field of biometric authentication that will confirm your identity using everything from your iris or fingerprints, to the way you walk, and perhaps even your DNA. Of course, the one issue with this, is that you can change your password, but you can’t change yourself—so any biometric solution would need to encrypt and secure all data so it cannot be tampered with.

And this is where it is important to have layered security. The Federal Financial Institutions Examination Council defines this approach as characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control.

The important thing with all new and improved authentication options, is that they fit in seamlessly with the customer experience, without making things harder for consumers. You certainly don’t want to introduce anything that could make people abandon their shopping carts.

This week, we were at Money 2020 Europe in Copenhagen with fellow industry colleagues discussing everything about the innovation in banking and payments. If you’d like to know more about our insights from the conference, get in touch in the comments below, or follow us on @Gemalto.