Page 46 - GS161202
P. 46
Education
Multilayered authentication:
challenges now, rewards later
By Evi Triantafyllides Pay's fingerprint authorization and Mastercard's
PAAY LLC Selfie Pay) are heavily investing in such software.
This trend is justified by the fact that inherent-
R emember when payment authentication was as based authentication is precise, as well as less er-
simple as signing a check, the validity of which roneous, more difficult to compromise and less
was then confirmed by comparing it against … time consuming for consumers than other meth-
yet another signed document? The quest for a ods.
less error-prone procedure has led to dramatic leaps in
precision, and the days of a single, simple authentication Multilayered authentication, which involves using more
method are long gone. than one type of authentication, is expected to play a part
in bringing today's proliferating data hacks to a standstill.
With payment software development reaching unprec- Pairing different authentication types is becoming
edented levels in the past years and a general evolution in standard procedure, and two-factor authentication an
the fintech space, authentication is shifting to entail accu- industry buzzword.
rate, sophisticated and multilayered procedures delivered
by diverse players within the payments chain. Authentication in the larger payments picture
Multilayered authentication What does authentication mean in the grand scale of the
payments arena? With MarketsandMarkets reporting a
Passwords, phone numbers, fingerprints, the name of your 19.7 percent annual increase in biometric authentication
father's great, great grandfather ? your entire DNA string techniques, and with those expected to be valued at $10.8
please. In an effort to categorize the various authentication billion by 2020, authentication is a space to pay attention
techniques that have come about, the generally accepted, to, and one that will shape the future of how payments
three-tiered classification system has emerged. It includes are done.
knowledge-based, ownership-based and inherence-based
authentication, described as follows: Moving away from the archaic, straightforward signature
model has proven to be multifaceted and clunky, with
• Knowledge-based: Authentication of this type different authentication methods competing for legitimacy.
relies on a "secret" piece of information a user While there is no way to predict which authentication
knows. Classic examples are PINs attached to chip methods will become the norm, the path toward
cards that are required at international POS sys- sophisticated, manifold authentication is uncontestable.
tems, passwords and personal details that can be
answered as part of a "security questions" proto- Eventually, rising costs of technology investments and
col. This type of authentication can be criticized escalating fraud levels will reach their peaks. Monetary
on the basis that the information can be easily investments will start to scale, and return on investment
hacked, and providing it can be time consuming will kick in, turning a double whammy of deficits into a
for consumers. double win of declining infrastructure costs and decreased
fraud. Additionally, fraud liability will shift away from
• Ownership-based: This is linked to something customers and merchants (who will now be doing their
the customer owns. Even though ownership- share by participating in authentication programs), and
based-authentication methods are safer since accountability will increasingly fall upon card brands,
hacking cannot be done on a collective level, the banks and the devisors of authentication programs.
drawback is that they are inconvenient for users,
who always need to have the "authenticator" with Indeed, what now seems to be a messy mix of varied
them. Examples include showing a passport or us- authentication tools should be appreciated as efforts
ing your mobile phone for a specific action; recent, towards securing a more profitable, protected payments
more complex developments include QR codes future.
and RSA tokens.
Evi Triantafyllides is the Marketing Director at PAAY, a software solution
• Inherence-based: Often termed biometrics, this is that qualifies e-commerce transactions at lower interchange rates and
the latest, most technologically advanced authen- shifts liability for e-commerce fraud away from merchants, to the card
tication. It entails a process whereby customers issuers. Evi was the first full-time employee at PAAY. She is responsible for
themselves are the authenticators. Ranging from the company's marketing, and at the same time focuses on ISO relations
fingerprints to face or voice identification, biomet- and partnerships. Find out about PAAY at www.paay.co or reach out to
rics is steadily becoming the name of the game, her directly at evi@paay.co.
with indications this trend will soon prevail. Tech
and payment giants alike (examples being Apple
46
