Thanks to the increase in mobile technology and online shopping in recent years, the need for simple and secure online payment methods has become an important issue.
With our newfound freedom of being able to purchase pretty much anything imaginable from the comfort of a mobile device, there comes a significantly increased risk of identity theft and fraud.
In fact, the rate of fraudulent activity online has risen to an astounding 1 in 60 transactions worldwide.
Technologies, such as 3D Secure, can be implemented to help authenticate transactions and protect both online shoppers and merchants alike.
The first version of 3D Secure has, for many years, relied on a pre-set, static password set up beforehand with the financial institution associated with the card as the main proof of buyer authenticity.
The password is generally required via a pop-up window at checkout to authenticate the buyer's identity and complete the checkout process.
This method has proven to be effective for identity verification and preventing fraudulent transactions over the years.
But, as time went by, and eCommerce platforms evolved while fraudsters got savvier, the static password strategy started to show some weaknesses.
The pop-up windows also added friction to the checkout process, the two most pressing issues being that users feel uncomfortable being redirected to a separate pop-up screen and it can make navigation clunky on smaller mobile phone screens.
The second version of 3D Secure looks to solve both these problems with the implementation of biometric identification (think: fingerprints, iris scanning, and facial recognition).
Most new mobile phones are already equipped with some kind of biometric identification ability so 3D Secure 2.0 can easily be integrated with these capabilities.
Biometric identification through 3D Secure 2 also takes care of several other challenges, all in one solution.
Card providers are making biometric identification mandatory
One of the biggest global card providers, Mastercard, has announced that starting in April 2019, the option of choosing biometric authorisation as a means of verifying identities during online transactions should be made available to all Mastercard users.
This is a huge step forward in the standardisation of biometric check-out technology because it means that all financial institutions offering Mastercard-branded cards must provide the option of biometric verification to their customers.
And seeing as 93% of consumers and 92% of banking professionals choose biometrics as their validation method of choice, it is certain that the other credit card companies will soon follow Mastercard’s lead.
Payment regulations are strongly in favour of biometrics
The second Payment Services Directive in the EU has placed a big emphasis on Strong Consumer Authentication (SCA), which is specifically aimed at card -not -present online payments where it can be challenging to verify if the purchaser is in fact the authorised cardholder.
SCA-approved authentication systems will utilise three types of independent information to verify a customer’s identity:
- Verification through a piece of information that the buyer knows (e.g. password, PIN)
- Verification through something the buyer possesses (e.g. card, mobile phone, hardware token)
- Verification through something that the buyer is (e.g. fingerprints, facial recognition, iris scanning – i.e. biometrics).
At least two of the three elements must be provided in order to successfully authenticate a transaction.
Due to this new mandate, biometric identification will become a necessary part of most online purchases within the EU.
Although the PSD2 directive came into effect during January 2018, SCA will only come into full effect during 2019 as a mandatory step for online merchants to implement.
Enhanced user experience
Not only do these new regulations and advances in biometric identification offer added security to online transactions, they also significantly improve the user’s buying experience.
With existing methods, the customer would often be taken away from the checkout process to a separate authentication screen through a static password verification method.
This means first taking the time to sign up and register with the card issuer (e.g. banks) in order to activate the authentication service.
Even after registering, these services were only ever meant for standard web browsers and not optimised for modern mobile technology.
Therefore, this requires a lot of effort from shoppers plus they also have to add yet another entry to the list of passwords they have to remember, just to prove they are the authorised card holder.
It all culminates into a cumbersome user experience.
Thankfully, these issues are soon to be a thing of the past.
With biometric verification, you will never have to change or even remember a password.
All you will have to do is touch the fingerprint sensor or point the camera at your face and the biometric software will take care of the rest.
Improved conversion rates
So far, we have seen the benefits of biometric identification as they relate to the consumer. But what about the merchants?
Well, when user experience is enhanced and the checkout process becomes smoother for the customer, conversion rates are bound to rise.
With biometric verification, the check-out time has been shown to decrease by up to 85%, which reduces cart abandonment by an estimated 70%.
Before biometric identification technology was available, vendors had to make a tough choice. They wanted to increase security and prevent fraudulent transactions but at the same time they needed their check-out processes to be as quick and easy as possible.
Identity verification using SMS codes and pop-up windows can be complicated and frustrating, and acts as a serious impediment to closing a sale. As a result, oftentimes merchants decided to forego security in order to reduce friction in the check-out process in order to protect their conversion rates.
Merchants basically had to choose the lesser of two evils: lose money due to fraudulent transactions or lose money due to abandoned carts.
The good news is that merchants will not have to be faced with this difficult decision anymore; with biometric identification they can have both.
Biometric verification holds within it many great benefits for the payments sphere and will most certainly become the more prevalent method of choice when it comes to online payer authentication.
But how hard is it to implement a system like this into your own business?
With the second iteration of the 3D Secure protocol that facilitates biometric authentication, merchants can implement a one-stop solution that takes care of several challenges, including:
- Increased security risks
- Mobile adoption and compatibility
- New requirements from payment legislations like PSD2 and card providers such as Mastercard
- Enhanced user experience
- Improved conversion rates
Most of all, merchants can seamlessly transition to the 3D Secure 2 protocol from current systems without needing an expensive infrastructure overhaul.