Merchants and FIs must deliver both security and user experience in m-commerce, says Elina Mattila, Executive Director at Mobey Forum.
With m-commerce transactions accounting for an ever-increasing share of online purchases, delivering the seamless experience that consumers demand remains the priority for merchants. The increasing frequency, sophistication and impact of card-not-present fraud, however, is leading to the implementation of tougher compliance requirements from payment networks and regulators.
To be competitive, financial institutions (FIs) and merchants must implement robust fraud mitigation strategies, while continuing to deliver a simple, intuitive and fast payment process.
Easier said than done.
Biometrics – the silver bullet?
Strong customer authentication (SCA) using a dual-factor or multifactor approach is the foremost defensive tool that FIs and merchants can deploy. Although certain SCA technologies are prohibitively cumbersome, in some cases these more secure forms of authentication actually deliver a better user experience. For example, replacing a traditional password with a fingerprint is not only more convenient for the consumer, it is also more secure. It is for these reasons that the adoption of biometrics as an authentication mechanism is growing so quickly.
Every technology has its own unique challenges, and biometrics are no different. Rather than searching for a ‘silver bullet’ and relying on a single line of defence, FIs and merchants should adopt a layered model combining different approaches and technologies, tailored to their individual needs. They should also continually investigate new authentication technologies to ensure they keep up to date with evolving requirements.
Risky business
Risk-based authentication (RBA) should be a key part of this layered approach. RBA involves testing a transaction against a series of parameters in real time, such as the device, the IP address, the location, and past behaviour. If no anomalies are found, the transaction can be approved without invoking SCA. As this applies to the vast majority of legitimate transactions, RBA is perhaps the most powerful tool available to enable seamless, secure m-commerce transactions.
Beyond card-based payments
In parallel, it is important to keep an eye on the future. Regulations, like PSD2, are enabling the emergence of new payment approaches. Merchants will potentially benefit from better service levels and at a lower cost than with traditional card-based models. As these payment methods diversify, merchants will need to establish specific approaches for each.
With the m-commerce space evolving so quickly, players should continually investigate new authentication technologies, payment methods and regulatory requirements to provide the perfect balance between user experience and security.
‘Authentication in M-commerce: Balancing Risk and Experience’ is available for free download.
The original article was published on PaymentsSource –>