Today's financial fraudsters are smarter, more agile, and more online than ever before.
With payments increasingly moving to electronic channels and the gateways supporting their transfer and settlement, the need for robust authentication methods has never been more important.
“Authentication is a constantly evolving process,” Jim Colassano, senior vice president and business product manager for RTP® Networks at The Clearing House, told PYMNTS for the series “Next Steps in Payments: Authentication: New Features and Next Steps?”
“Breaches and data breaches are happening more often than we would like,” Colassano said. “And when someone gains access to your password, it opens up and unlocks completely different opportunities, especially if you use the same password on different sites.”
He noted that individuals typically use the same password on multiple sites, including banking sites.
That's why approaches like multi-factor authentication are becoming the standard for securing payment transactions. MFA traditionally relies on something the user knows (a password) and something the user has (a token, or code sent via text message or email).
This approach increases security, especially in critical areas where passwords alone are insufficient to protect sensitive information.
“It's not just multi-factor authentication,” Colassano said. “There are other ways to verify customers, such as tracking IP addresses. Attack vectors are becoming increasingly sophisticated, so they need to become more sophisticated.”
The need for more robust authentication to protect modern transactions
Advanced authentication methods such as IP tracking, biometrics (facial and fingerprint recognition), and voiceprints are intended to create multiple layers of security and make it harder for cybercriminals to exploit vulnerabilities.
Colassano said people often use weak passwords, and he emphasized the risks of reusing passwords: a password for a site that doesn't require tight security, such as a news subscription, can be reused on sites where security is important, such as a digital bank account.
“Sites such as brokerage accounts, medical information, and financial information are sites where you want to ensure that only the individuals who own that data have access to it, because allowing someone in the community to access that information would have significant implications for both the individual and the organization,” he said.
He noted that reliance on passwords stems from ease of use, and that organizations are increasingly investing in tools and education to strengthen the cyber hygiene of their customers and end users.
Password generators, password managers, and education to spot scams contribute to a more secure environment. Introducing friction in the form of educational pop-ups during transactions can also act as a pause for users to confirm the legitimacy of the transaction and confirm that the counterparty is the intended recipient.
“All of these mechanisms are layered, and different organizations have different ways of authenticating individuals based on their risk to the system [using],” Colassano said.
“Something with an equally light touch [a confirmation page]. You can prevent a lot of fraud because once you make consumers aware of it, repeat it once or twice, the light goes off and they remember it the next time they transact,” he added.
Will a passwordless future become a reality?
As technology and online behavior advance, traditional passwords are increasingly proving insufficient to protect sensitive information.
Looking to the future, Colassano said he envisions a transition to a password-free future, driven primarily by advances in biometric authentication. Facial recognition, fingerprint authentication, and voiceprints are expected to replace or strengthen traditional passwords.
“It's a constant battle, and on the bright side, there will be technological advances and different mechanisms that can be used to better protect identities against the next wave of attacks,” Colassano said.
“Certification is multifaceted and complex,” he added. “And the challenge for many financial institutions is how do they make their customers feel that authentication is frictionless so that they don't hesitate and walk away from it? It's something the network also takes very seriously, and protecting all account holders on the network is our top priority.”