Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Business

Reality Check: Will passwords become extinct in the world of e-commerce?

Reality Check: Will passwords become extinct in the world of e-commerce?

Those who are said to be dead live longer and interestingly, this also applies to passwords. This established form of authentication has long been considered an anachronism to the constant evolution and modernisation of the Internet.

However, passwords still play a very large part in our online world and are the gateway to a whole host of activities including emails, social networks and last but not least, online shopping.

Even those who only use the internet occasionally for online shopping quickly accumulate a wealth of online accounts.

Although there are ways of logging in via third-party providers such as Google or Facebook, they no longer enjoy the unconditional trust of users following a number of highly publicised data scandals.

With the new FIDO2 open authentication standard, it is now possible, in principle, to use hardware tokens or biometric features for authentication directly via a browser. But what is behind the process and what potential does the technology have?

Urs Gubser, Head e-commerce strategy at SIX Payment Services provides a reality check.

Check 1: What exactly is FIDO2 and what concrete possibilities does it present?

The abbreviation actually hides two standards. One, WebAuthn, was developed by the FIDO Alliance (Fast Identity Online) in collaboration with the W3C (World Wide Web Consortium) organisation. It enables the integration of FIDO-based authentication methods directly into different browsers using a standardized API. Mozilla’s Firefox already supports WebAuthn from version 60 and Microsoft and Google plan to follow suit. The other part of FIDO2 is the Client to Authenticator Protocol (CTAP). This allows various external devices to transmit credentials to computers via Bluetooth, NFC or USB.

The new standard offers several ways to replace passwords. A USB stick as a hardware token is a form of digital key. When a user inserts the stick into their PC, they automatically authenticate, just as easy as unlocking a door. In addition, the technical capacities of smartphones can also be exploited as many of today’s devices already have fingerprint recognition capability which could also use this unique feature for authentication.

Check 2: What about safety?

You do not have to be an accomplished computer hacker to crack a password; many people still use very easy-to-guess character combinations like names and birthdays. In addition,

SIX Payments Services Ltd Hardturmstrasse 201 P.O. Box 1521 CH-8021 Zurich www.six-payment-services.com

criminals have access to a variety of software tools to help them find out passwords. These risks and potential breaches in security simply do not exist with a hardware token – however, it can be lost or stolen, just like a physical key.

Is the fingerprint the ID of choice? After all, it is unique with just one per person. That is of course unless someone makes a copy and manages to fool the sensor – which is exactly what the Chaos Computer Club did back in 2013.

Since then, detection technology has evolved but so have the methods to outsmart it. With the help of machine learning and artificial intelligence, American security experts last year managed to create a form of the master imprint that unlocked almost two out of three of the smartphones that were tested. A potential attacker using this approach does not even need the original print of the owner. Therefore, in the case of biometric authentication, the question that always comes up is whether it is possible for criminals to obtain copies of the features. Of course, unlike a password, you cannot easily reset your fingerprint. Currently, a 100% secure system does not exist, even in the digital world, but you can make it as difficult as possible for cybercriminals to undertake their activities.

This is best achieved by combining various security features. Fingerprint authentication can be combined with the voice check and an iris scan as further biometric security elements, or you can use a hardware token as an extra authentication check. With each additional step of a multifactor authentication process, the security increases. Whilst this does not completely eliminate the possibility of identity theft, it sets the barriers very high. Breaches become extremely unlikely while at the same time the process remains easy for the end user.

Check 3: What else will the retail sector be facing?

As passwords disappear, online shopping becomes easier and more intuitive for customers. Of course, it also benefits sellers. Retailers no longer have to reset passwords and can make more meaningful use of the resources they no longer need. Biometric methods are also particularly interesting for the simplification of 3-D Secure. In addition to the normal credit card data, this service often requires customers to provide an additional password, which results in many customers not completing the journey and abandoning their purchase. When using identity verification procedures that do not require a password, companies no longer have to forego these transactions.

For customers, it is now self-evident that shops accept different credit cards, whilst at the same time PayPal is moving further and further into the retail space. Their competitor in the Far East, Alipay, is already on the rise beyond China. As the market for e-payment solutions develops, biometric methods are very likely to replace passwords, making it difficult to predict whether established service providers will be able to expand their market share, or whether new innovators will emerge and take a slice of the pie.

Be prepared for everything

One thing is certain; digitisation will not be reversed and is here to stay. Financial transactions are definitely affected by this megatrend. Developments such as the Internet of Things (IoT) offer a completely new perspective where every networked device can also be a retail gateway. In this new and connected world, customers want to pay directly and conveniently which will lead to the development of a veritable and comprehensive Internet of Payments. Methods of multi-factor authentication, including those based on biometrics, can help make the online retail environment more secure and eliminate the fears of potential users.

In order not to be overrun by e-payment developments, merchants should rely on the help of a service provider who has future-oriented solutions in place that can be integrated with existing systems so they are well prepared for a fully networked future without the nuisances of passwords.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post