As the payments landscape continues to advance and evolve, the central tenet of authentication remains the same.
Let the right users in and keep the fraudsters out.
“Authentication practices have been in place for quite some time, and we’ve gotten pretty good at enforcing them. But we’re starting to see an evolution,” Kyle King, director of product management at NCR Voyix, told PYMNTS for the series “What’s Next in Payments: Authentication: What’s New and What’s Next?”
As the threat of fraud continues to grow, financial institutions are exploring new methods to enhance security and protect their customers.
Traditionally, authentication relied on multifactor methods, with two-factor authentication being the standard. However, as fraudsters become more sophisticated, financial institutions are realizing that two factors alone may no longer be sufficient.
King explained that the payments and financial industries are now moving toward including additional factors, such as location-based identifiers and behavioral biometrics. This evolution — to a three-, even four-factor multifactor authentication workflow — aims to enhance security and ensure that fraudulent behavior can be detected and prevented before a transaction can occur.
“We’re starting to see the evolution of behavioral biometrics, and with this, we start to see financial institutions include three, maybe four of these factors in decisioning for fraudulent behavior or authentication at the front door,” he said.
While the introduction of additional authentication factors is crucial for security, it raises concerns about friction and user experience. After all, any extra step is, inherently, an extra step.
In today’s fast-paced, everything-instant world demarcated by convenience, an extra step can mean a lost customer.
That’s why adopting robust authentication methods that balance convenience and security is important.
Financial institutions must strike a balance between implementing necessary security measures and not discouraging user engagement, and King noted that research has shown that users perceive an application as less secure if no friction is introduced at certain points.
“With friction, we have to find the right balance,” he explained. “Where do we satisfy our risk threshold or where we want to be as far as our risk portfolio goes, but also how do we make sure that we’re not discouraging that engagement?”
There is nothing more important to maintaining user trust while mitigating fraud risks than finding the right balance.
If a high net worth individual goes to move a large sum of money, they would probably feel more comfortable if a little friction was put in place to validate they are who they say they are, King noted, adding that “they want to see friction, even if it’s just a popup saying, ‘Hey, we have already validated you using behavioral biometrics or location data, and we are good to proceed.’”
As the threat landscape continues to evolve, financial institutions must adapt their authentication methods to stay ahead of fraudsters by integrating new technologies including artificial intelligence and other emerging innovations that can help by introducing friction while also speeding up authentication processes.
“The intersection of technology and unique identification should be constant throughout the experience,” King explained. “When we start to talk about AI, there’s always this precursor of data. You’ve got to make sure you have the right amount of data, the quality of data that you need for AI to be efficient.”
Continuous verification, AI-driven processes, and a holistic approach to authentication are key elements in enhancing security and user experience. By embracing these advancements, financial institutions can create a future where customers can confidently engage in digital banking without compromising their security.
Financial institutions are using AI to move toward a continuous verification model, constantly monitoring user behavior and validating their actions throughout the platform. This approach not only prevents fraudulent transactions but also instills confidence in users by intercepting potential threats before they occur, King said.
Phishing attacks have seen a resurgence, with threat actors mimicking financial institutions’ websites and capturing users’ credentials and one-time passcodes. To combat these attacks, King explained that financial institutions need a programmatic AI solution that constantly monitors user sessions and detects any changes that may indicate a potential threat. This proactive approach is crucial in preventing account takeovers and protecting users’ sensitive information.
Continuous authentication goes beyond the initial identification process at the front door. Financial institutions are now focusing on continuously verifying users throughout their digital banking experience.
This approach ensures that any changes or suspicious activities are promptly detected, preventing account takeovers and unauthorized transactions. Additionally, continuous authentication empowers users by allowing them to have input in their preferred authentication methods, creating a bespoke approach tailored to their needs, King said.
He added that the ideal state of authentication in the future involves continuous verification, holistic approaches, and smart authentication processes driven by AI and data.
For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.