Improving Customer Authentication - July 31, 2013
Atlanta Fed Conference Explores Customer Authentication
As widely-used customer authentication methods such as PINs and passwords become easier for fraudsters to penetrate, what options does the payments industry have to make payments safer?
A conference hosted by the Atlanta Fed's Retail Payments Risk Forum in July explored this question and more, including the challenges associated with current authentication methods and the pros and cons of emerging solutions.
Customer authentication plays an important role throughout the payments process. Still, efforts to improve authentication methods face a complex web of challenges. For one, payments providers rely on a patchwork of ambiguous laws and guidance for legal protection. Other challenges include the rising cost of protecting online accounts and the industry's tendency to adopt incremental measures. The result has been marginal improvements and greater complexity, said Authentify president and CEO Peter Tapling, who spoke at the conference.
Fraud is down, but new threats are on the rise
Card fraud is at an all-time low, accounting for roughly 0.05 percent of global sales. Despite the impressive reduction in counterfeit crime (the most common type of card fraud), the shift to the EMV standard (chip technology) in the United States could cause an uptick in card-not-present fraud. Indeed, a similar trend has played out in other countries that adopted the EMV standard, industry experts at the conference noted.
Using data to detect fraud
Payments networks and financial institutions have access to a treasure trove of data that they can use to detect potential sources of fraud and authenticate a person or device. Stephanie Ericksen, head of Authentication Product Integration at Visa, spoke about the company's risk-based approach in a video interview with the Atlanta Fed's Blake McDaniel. By using data on cardholders' spending behaviors, Visa and other networks can "score the likelihood of the transaction being fraudulent, and then tailor the authentication solutions."
Greater use of data analytics could also be part of a "layered" approach to customer authentication—along with some combination of factors, such as:
- What you know—user ID, password, PIN
- What you have—mobile device, token, credit card
- What you are—biometrics, activity pattern
In a video interview with the Atlanta Fed's McDaniel, Tapling said that "there are going to be multiple steps in the process, and then if one step has a problem...there are other mechanisms that can pick up the slack."