Remember how preventing fraud with 3D Secure used to disrupt e-commerce transactions, frequently leading to cart abandonment and, no doubt, a fair amount of frustration for customers? Risk-based authentication eliminated friction from consumer transactions long ago. Adopted originally by the financial services industry, where it's now widely deployed, risk-based authentication has become a familiar experience for customers, and it's gaining popularity, more specifically within the latest 3D Secure 2.0 protocol.
As the name suggests, risk-based authentication assesses each transaction based on specific attributes known to contribute to risk such as the user’s device, behavior, and location. For example, when a transaction originates from a new device, RSA research shows a three-fold rise in fraud occurs. Only if the transaction is deemed risky will the user be asked for additional verification—and this occurs in less than five percent of logins and transactions on average.
The Problem with Passwords
Risk-based authentication is, however, only as good as that extra level of verification. That’s why the European Banking Association Payment Service Directive II (PSD2) recommends a combination of risk-based authentication and biometrics to secure financial transactions, acknowledging just how insecure the prevailing method of authentication—usernames and passwords—actually is.
Today, the prevalence of password breaches has caused it to be the top cybersecurity concern among 60 percent of consumers, according to a recent survey. But they don’t always act on their concerns—more than one in four use the same password for most of their online accounts.
Do Your Customers Trust Biometrics?
When it comes to biometric authentication, our survey confirmed that fingerprint recognition is most acceptable to users (48 percent); while at the other end of the scale, facial and voice recognition received 28 percent and 21 percent support respectively. This could indicate that people have concerns about their credentials being spoofed with photos and voice recordings; and it’s likely those fears won’t be allayed until the technology has had the chance to prove itself.
However, the growing popularity of mobile commerce may help fuel a much needed change in consumer attitudes. As of 2016, it was estimated that 770 million smart devices were equipped with fingerprint sensors. And when we look at who's using those devices—for social media, email, banking, ecommerce and bill paying—millennials lead the way.
But as mobile use grows, led by the younger generation, we can expect to see corresponding growth in the acceptance of smartphones’ built-in authentication methods. As that happens, users will no longer be required to enter passwords, or remember answers to obscure questions—all of which will help to deliver the frictionless transactions they demand.
Although fingerprint technology is the most ubiquitous biometric authentication method, and the one most consumers trust, it shouldn't be relied on alone. If you want to give your customers the choices they expect, you need to work with an authentication partner who can provide them.
# # #
Learn the five important questions you should be asking when selecting a consumer authentication partner or download our white paper, Key Considerations for Selecting a Consumer Authentication Vendor, which provides more in-depth guidance on choosing an authentication and fraud prevention platform that delivers the security, frictionless transactions, and authentication choices customers want.
Author: Heidi Bleau
Category: RSA Fundamentals, Blog Post
Keywords: 3-D Secure, Biometrics, Biometrics-Based Authentication, Account Takeover, Consumer Security, Cybersecurity, Fraud Detection, Fraud Prevention, Identity Theft, Risk-Based Authentication