By Stan Swearingen, EVP Strategy and Advanced Technology, IDEX Biometrics ASA
The payments industry is revolutionising at an exponential rate. And the truth is, there has never been a greater need for it. Supercharged by the pandemic, consumer spending fuelled with a surge in e-commerce reaching an estimated $794.50 billion in 2020.
This comes at a time when payment authorisation leaves much to be desired. Worryingly, this combination has resulted in a hotbed of opportunities for cybercriminals to exploit, expanding their financial crime methods and aiding an abundance of fraudulent transactions.
Where traditional authentication falls short
When you look at traditional forms of digital payment authorisation, it’s easy to see how consumers and retailers are being so readily exploited. They commonly rely on information known to the user, such as passwords, date of birth and mother’s maiden names. The trouble is that this information can be easily stolen. Just one bit of information is all that a cybercriminal needs to steal a user’s online identity. With this, they can withdraw funds from a bank account, apply for a credit card or make online purchases.
It’s little wonder that cybercriminal activities have become so sophisticated in gaining personal details, after all, the return is so rewarding. Yet, to a degree, society has sadly become accustomed to it. More than half (59%) of consumers worry about the security of their personal information, yet they don’t necessarily display precautionary behaviour in protecting their digital identities. A huge 80% would give out their email address and 42% would give out their date of birth online.
Perhaps it’s a case of misplaced responsibility; consumers putting overarching trust into retailers and banks to protect them online and in reverse, retailers and banks are reliant on consumers acting with a greater measure of caution. Regardless, it highlights a serious authentication loophole.
Meanwhile, retailers are also finding it hard to distinguish between legitimate customers and malicious bots when balancing fraud prevention. Fraudulent transactions cost retailers and banks dearly. Global losses from payment fraud have tripled from $9.84 billion in 2011 to $32.39 billion in 2020 and it’s a trajectory that’s only set to increase unless something is done.
These factors together culminate in a growing lack of faith and distrust in traditional payment methods.
The onus on the retailer and payment provider
The sixth anti-money laundering directive (6AMLD) has been pushed through to quickly address these growing threats, prompting online retailers and payment providers to remove the windows of opportunity currently exploited by cybercriminals and money launderers. Financial institutions must implement this new directive by 3 June 2021.
A key aspect of the directive is for retailers to apply a more robust technological procedure to Know Your Customer (KYC) guidelines. The impetus for change is to fight fraud on a global scale; a battle that is currently compounded by a fragmented and compromised authentication process.
The good news is that a secure and convenient digital authorisation method already exists that perfectly meets the 6AMLD requirements and alleviates any uncertainty when identifying the customer. Better yet, it’s a concept that many people will already be familiar with.
The role biometric digital ID plays
Biometric fingerprint ID is already well established in authenticating access to smartphones, but it can now be incorporated into a payment card, establishing a payment method that is both familiar and secure. Therefore, not only are biometric payment cards regarded as highly secure and safe by the banking and regulations industry, but they also stand a much better chance of mass adoption as they are based on a concept that is already widely accepted.
Biometric digital identity goes beyond what a user may know as a means to authenticate a payment. With a user’s unique fingerprint, biometrics present retailers with an opportunity to authenticate all customers for digital payments in a convenient way. At a time when the level of personal information being shared online is growing, leaving consumers vulnerable, biometric digital identity puts security back into the hands of the consumer, helping to create a single digital biometric identity that directly links the shopper to their card, and their personal data.
A strong foundation for SCA
There is also another reason why biometric payment technology is timely; in September 2021, the payments industry will finally see Strong Customer Authentications (SCA) be required for all payment transactions. Introduced under the second Payment Service Directive (PSD2), SCA will make two forms of customer identification essential before a transaction over the contactless limit can be processed.
One form may be something the consumer possesses such as a smart card, but the other must be something that they are, such as a fingerprint. Whilst SCA is intended to come down hard on fraud, the pay-off could comprise convenience for the consumer.
Biometric card payments maintain a high degree of convenience for the consumer whilst creating a secure ‘chain of trust’ that satisfies strict SCA and KYC guidelines.
Refreshing online shopping attitudes
Not only does biometric ID assure regulatory bodies; it also offers a host of benefits for the consumer. For example, a digital ID will only provide the information necessary to make a purchase, ensuring that privacy is protected. It goes even further to address consumer concerns about the way that their information is used by companies; concerns which GDPR sought to resolve. It’s known as data minimisation and means that if a customer wants to make a purchase that is age-restricted, they’ll only need to share their date of birth, rather than their full name and address, for example.
It increases confidence in retailers as it provides a secure and convenient payment method that builds trust on both sides, eliminating ambiguity. This in itself could give consumers the faith to shop differently; perhaps buying from smaller independent retailers or from abroad if it means that their data and payment information is protected. This can elevate retailers and help to level up the global playing field whilst promoting a more enjoyable experience with reduced transaction times and simplified online shopping.
Biometric payment cards represent an example of technology innovation working in harmony with payment regulations to address the growing threat of fraud. Now is the time for payment companies to work with retailers to provide a payment method that embraces the latest technological advances and brings confidence and trust back to the consumer. Altogether, we’re heading towards a safer and more convenient way to prove our identity that stamps out fraud and puts the power of our identity firmly back into the hands of the consumer.