Static passwords alone are no longer a viable tool for identifying customers. With payments fraud rising year after year, and consumers becoming more comfortable with making payments online, the importance of authentication has never been more crucial.
Studies indicate that approximately 80 percent of today’s data breaches are the result of weak passwords. The wide-ranging fraud schemes centered on deceiving consumers into providing sensitive personal information, have supplied fraudsters with an assortment of real and fake customer data points, which has fueled the uptick in identity theft and subsequent Account Take Over (ATO) tactics.
Multi-Factor Authentication (MFA), interchangeable with ‘two-factor authentication, offers one of the many protection layers for customer verification and is one of the most powerful and cost-effective means for identifying users—both digitally and physically.
There are three main variants associated with MFA: something that is identifiable (like a PIN or Password), something in possession (like a phone), and something characteristic (such as fingerprints).
Here are five commonly accepted and effective authentication methods. We’ll briefly explore these methods and the pros and cons of each.
Short Message Service (SMS) OTP involves sending a unique one-time-passcode (OTP) or text phrase to a mobile device to confirm access or verify financial transactions.
Push Notifications send a notice to an application prompting the user to approve access attempts. Notices regularly provide data elements (time, location, and device type) for validation before acting.
Biometric Authentication is dependent on unique biological characteristics and traits (fingerprints/facial features/eyes) to verify identity.
Behavioral Authentication (BHA) verifies a user based on recorded device interaction, such as how the device is held and the cadence or pressure points when typing.
QR Codes are used more often for financial transaction verification, access to website applications and related information, restaurant menus, and enabling devices to act as TV channel remotes.
The benefits and negligeable cost of MFA are clear when weighed against the risk (both tangible and intangible) and associated cost of a data breach stemming from weak and compromised credentials. Criminals are getting more sophisticated. Fortunately, the technologies for matching their persistent fraud schemes and thwarting their attacks are up to the challenge.
Alan Nevels is senior vice president of card risk and merchant services at ICBA Bancard.