Digital Transactions Authoritative, insightful and timely information for payments professionals
There is, perhaps, no subject in the digital-payments world more fraught with urgency these days than that of authentication. After all, just about all players in the payments chain, from merchant to service provider to processor to bank, have a huge stake in making sure the customer performing the transaction is the rightful user. Yet, the aim of establishing identity accurately, with little disturbance to the customer, and at small expense to the merchant, has proven to be an elusive goal.
Thieves have accessed so much credential information via such means as data breaches and phishing exploits that older authentication methods are rapidly proving ineffective. Our cover story this month, “The Crisis in Authentication,” outlines how one technology has superseded another in the search for the elusive defense. PINs, once said to be a sure-fire improvement on signatures at the point of sale, are now giving way to yet newer methods, such as facial recognition, fingerprint ID, and other biometric techniques.
Online, this search has yielded technologies that open channels of communication between issuers and merchants during the transaction in an effort to establish that the user at the other end of the string is the genuine article. Here, the stakes are huge. Cyberthieves can hide behind fake credentials at a far remove from the sellers they are conning. And, thanks to breaches such as the huge Equifax break-in in 2017, a rich harvest of real credentials is on offer on the aptly named Dark Web.
Nor is the problem of authentication anything new. Digital Transactions wrote about the problem of establishing identity some 15 years ago in a cover story called “Behind the ID Buzz.” Even then, ambitious technologists were developing fingerprint sensors for grocery stores and sussing out methods to defeat online malefactors. Even then, experts were advocating so-called two-factor authentication, combining something people had, such as a card or other token, with something they knew (a password or PIN) or something they were (a fingerprint, or even an iris pattern in their eye).
It’s discouraging that, all these years later, the problem persists. Back then, thieves fueled their dark ambitions with phishing exploits. They still do, but now they’re harvesting data by the boatload via seemingly endless breaches. And newer technologies, such as bots, prowl the Web in search of usable identities.
Still, as our story this month points out, multifactor authentication remains the key to establishing identity and defeating fraudsters. The crisis in authentication will ultimately be solved. But it will take steady and persistent efforts to create systems that combine valid credentials with streamlined routines that satisfy the demands of both consumers and merchants.
—John Stewart, Editor | john@digitaltransactions.net
