The age of passwords is coming to an end, with the finance industry in particular beginning to embrace biometric payment authentication. Roy Aston, CIO of UK-based multinational online payments company Paysafe Group, discusses the trend and whether there is enough consumer appetite.
Biometric technology has become increasingly prevalent in daily life.
For example, we’ve been scanning our faces at border control and using our voice to control sound systems at home for several years, and the list of use cases for biometrics continues to grow.
Although using biometrics for verification or commands has become increasingly common, consumers are still cautious about their validity, especially in relation to protecting their financial data. According to our research, over half (56%) still favour the humble password to authenticate payments.
However, soon biometrics will be key to authenticating payments once the legislation mandating strong customer authentication (SCA) is in full force.
The legislation is a new European regulatory requirement, which aims to reduce fraud and increase the security of online payments.
The fundamental change is that card-not-present (CNP) payments that require authentication must be done so via at least two of the three following elements:
1. Something you know (password/PIN)
2. Something you own (phone/hardware token)
3. Something you are (fingerprint or face recognition)
Ahead of the deadline, which was recently extended from September 2019 to March 2021, work needs to be done in order to educate and reassure consumers that using their biometrics is both safe and secure.
The role of SCA for businesses
In April 2019, the card schemes introduced new rules in Europe to enforce the adoption of 3D Secure 2.0 (3DS2).
This is the new EMVCo security standard, which enables customers to authenticate high-risk transactions with confidence, in compliance with the SCA regulations.
Merchants are therefore obliged to transfer all of their European partners to 3DS2 by the SCA deadline.
Once the deadline is reached, all CNP transactions that are not authenticated via 3DS2 will be blanket declined by issuers.
These new requirements introduce multi-factor authentication for both eCommerce and m-commerce.
When implemented, these authentication methods offer the potential to eliminate passwords from authentication entirely.
In doing so, security will enhance as there are additional layers to the authentication process, while also streamlining the payment process for consumers.
This will be significantly beneficial to merchants, especially those with mobile retail channels as consumers would only need to scan their fingerprint on their own smart device to facilitate a payment.
This creates a convenient and efficient user experience, which is vital for consumers.
The introduction of SCA also will make a significant difference for consumers during payment verification.
Some 95% of all transactions will not have to be manually authenticated as lower risk and low value transactions will not have to be verified for every transaction, and multiple payment methods will either be exempt from, or out of scope of, the standard.
Also, the static password system of verification is a major source of consumer frustration when making a payment (and merchant irritation due to its role in rising cart abandonment rates), so replacing this with authentication systems that are both stronger and offer a better user experience is key.
Weak consumer appetite for biometric payment authentication
The shift to place biometrics at the heart of payment verification could prove to be a win-win in the battle to provide secure and convenient payments.
However, ultimately consumer appetite to leave password-based authentication behind and embrace biometrics will establish its speed of adoption and ultimate success.
Our research showed that a significant percentage (79%) of consumers still prefer passwords for making payments online because of the concerns about the security of new biometric options.
The main reason consumers wish to avoid them (45%) is a lack of trust. Consumers have also expressed that they are not educated enough about biometrics to trust them (35%).
Issuers, online businesses and PSPs are responsible for informing consumers on the security benefits of biometric payments to help build the required trust.
But, while consumers have particular views of the risks biometric payments pose, there is still a clear appetite to adopt due to their convenience.
Many consumers agree that using biometrics is a significantly quicker and more efficient method of paying for goods and services (62%).
Furthermore, there are substantial number of consumers that are already adopting biometric authentication methods such as fingerprint (42%), facial recognition (17%) and voice-activated technologies (12%).
It’s clear that convenience is driving adoption, but there is still a way to go before it is fully mainstream.
Complete adoption of biometric payment authentication: Sooner rather than later?
For consumers, having increased trust in biometric authentication also means being open to the frictionless benefits of password-free e-commerce on devices such as smart homes, connected fridges, and IoT-enabled vehicles.
As with any new solution or product, time is required to get used to them, but once consumers begin using it regularly and trust this method to authenticate payments, then their fears would be eliminated.
Biometrics offer a great opportunity to smooth payment processes and decrease cart abandonment.
However, without the required education, consumers could easily put off customers and potentially lead to the reverse of higher rates of cart abandonment issues where passwords aren’t asked for.
Merchants are required to tread carefully and assure customers that biometrics payments are secure and trustworthy. This will to ease the path to adoption.