By Srivatsan Srinivan, Product Manager at Nexmo
In the hit TV series ‘The Wire’, it was Detective Lester Freamon’s sage advice that the investigation needed to follow the money. Fictional TV aside, this philosophy also holds true in real life, where real-world crooks and real-world corporations all follow the money, although for very different reasons.
For many companies, providing a smooth user experience and getting the online payment process right drastically reduces the number of transactions that get abandoned. The payment process is also something cyber criminals exploit with fraud for their own ends. For this reason, online payment providers aim for a streamlined process that does not compromise security. Yet striking the balance isn’t so easy, even as the new European Banking Association (EBA) guidelines for payment service providers (PSPs) come into effect on August 1st 2015.
New Payment Options Mean More Problems
There are more payment methods available today than ever before. Online vendors can accept payments from debit cards, credit cards, Apple Pay, Google Wallet, prepaid cards, PayPal, and cryptocurrencies like Litecoin and Bitcoin.
With the growth of online payment options, payment fraud has naturally increased. A recent study from LexisNexis Risk Solutions claimed that, despite accounting for just 14% of overall transactions, mobile transactions make up 21% of fraud cases.
Additionally, according to the third report on card fraud by the Eurosystem, card-not-present (CNP) fraud accounted for 60% of all card fraud in 2012 on cards issued in the Single Euro Payments Area (SEPA), an increase of 21% from 2011.
More Risk, Stronger Authentication
The increasing risk of online payment fraud means that the new payments security guidelines issued by the EBA require strong customer authentication when collecting payments in online transactions. These rules have already been replicated elsewhere globally and, with the improved security results, will most likely encourage others to do the same.
Under the new EBA guidelines, users must be able to prove who they are using two or more of the following methods:
- something the user is, in short, biometric identification
- something only the user knows, for example a static password
- something only the user possesses, such as a token generator or a phone
The challenge here is for payment service providers to comply without making the process too tedious for the customer.
Phone Number Verification
The challenge still remains: what is the best way to apply these security measures? Phone number verification has become the main alternative for implementing two-factor authentication because it’s easy to set up and involves very little extra effort from the consumer.
With the sheer speed of technological change, and the fast-approaching deadline for implementing these authentication measures, payment service providers should meet the initial challenge by drawing on the immense popularity of mobile phones.
With so much online fraud being committed every minute, it is positive to see authorities taking steps to meet the challenge head on. Without a doubt, using the mobile phone within a two-factor authentication process will mean that the number of successful frauds will significantly decrease.