subscribe: Daily Newsletter

 

Crunch time for authentication decisions

0 comments

Banks are revisiting their choices around authentication technology as new protocols become available and consumer behaviour swings towards a massive take-up of mobile transactions.
As many as half of all online transactions in South Africa are not completed because consumers find the authentication process too cumbersome, writes Neil Bester, products senior vice-president at Entersekt..
Another barrier is that some authentication systems themselves may erroneously decline legitimate transactions.
Consumers generally demand and expect high levels of online security during transactions, but some do not want to expend much time and effort themselves to ensure this, and others want to be highly involved in authorising online purchases explicitly.
Meeting both sets of expectations presents banks and merchants with significant challenges.
In e-commerce, abandonment is a huge issue – consumers beginning a transaction but not completing it. Fortunately, mobile commerce offers some innovative solutions through banking apps, which are secure and able to deliver a growing number of transactional services.
There are two main types of authentication which provide protection for consumers who make purchases online. Risk-based authentication (RBA), popular in the US, requires virtually no input from the user.
There is a certain amount of intelligence built into the system (it knows a user’s location and transaction history, for example) so that it can determine whether the user’s behaviour is consistent with their profile and then approve transactions on that basis. But it’s not foolproof – a large percentage of its assessments turn down legitimate transactions.
In Europe and South Africa, however, multi-factor authentication (MFA) is the norm and requires some input from users – systems ask consumers to explicitly authorise their transactions by providing authentication. Many local users are more comfortable with this system because not being asked to provide authentication feels “too easy”.
It’s against this background that we see MFA as a stronger contender for authentication going forward – there’s less scope for false declines – but the process has to be made painless as possible.
As a growing number of transactions are conducted from mobile devices, banking apps are seen as a way of consolidating all online financial activities – including authentication.
Banks are starting to revisit their decisions around authentication. New protocols – and users who want a consistent online authentication experience – are key drivers of this move. Consumers want to feel secure and banks can build this into the authentication process. With MFA authentication people feel that banks won’t do anything without asking their permission first – it’s this sort of affirmation that builds trust into a brand.
Online banking has been around since the late 1990s and broadly, there are three key points to think about for the future:
* Size – the sheer magnitude of e-commerce is exponentially bigger than it was in the 1990s – it is now a prominent channel for most businesses and inextricably linked to their brand and core operations;
* Mobile – what used to work adequately on a website does not necessarily translate to a good experience on mobile devices. A “mobile-first” approach is needed;
* Improved intelligence – organisations can use the data they have about their customers to market more relevant goods and services to them. Systems are able to extract useful information from profiles and buying patterns – they are not just payment enablers.
Historically, banks and card issuers kept their e-commerce-enabling technology (access control servers [ACS]) as isolated systems. In the early days of the Internet this was faster, more convenient and easier to cost. But because these older authentication and card systems are now isolated from banks’ more modern “live” data systems, it’s difficult to bring them in line with current consumer expectations of a smooth, easy online transaction experience. Authentication should be simple.
Our Connekt product solves these problems by providing all card association-specific functionality while delegating previously duplicated functionality to banks’ internal systems. These include card management, identity management, access management and reporting. The advantages of deploying it are:
* Consumers can use the same authentication mechanism they have for their mobile banking for e-commerce. There’s no separate password to remember or inconvenient, outdated SMS one-time password (OTP) to use. Familiarity and ease-of-use are important components in any online transaction;
* The bank can customise every cardholder’s authentication experience based on preference. For example, an authentication app-push on a smartphone or an SMS to a feature phone;
* The issuer can easily roll out new customer authentication experiences without a dependency on the ACS vendor;
* When a cardholder updates their banking credentials, the backend immediately uses this new credential for e-commerce authentication; and
* The bank’s backend can detect that a cardholder is travelling abroad from the location of their mobile phone and this provides a strong “green signal” when e-commerce transactions originating from this country must be authenticated. Combining the banks’ storehouse of big data – business intelligence – with authentication procedures is a big step forward.
Increasingly, technology is built around consumer behaviour and this extends to authentication. Getting it right dramatically reduces transaction abandonment, provides a better consumer experience and opens up a wealth of possibilities for new transactional services delivered via banking apps.