Any attempt to add speed and efficiency to the mobile payments experience has faced an increase in breaches and fraud, bringing digital payments and authentication to a critical crossroads.
And since digital payments typically require online consumer connections, there's still a confidence gap when it comes to the safety of the broader internet.
"The internet was not built with identity in mind, and that's a problem," said Hans Theisen, chief revenue officer at Averon, an authentication technology company. "That's why we have a lot of fraudulent online purchases, because you can hide your identity online, and we think that has to change and evolve over time."
The advancement in single sign-in options for easy application or a checkout path is a consumer dream, but it doesn't always maintain accurate identity of the user. In short, like anything else on the internet, these sign-in options can still be hacked.
"We've had 936 hacks in the U.S. already this year," Theisen said last week during the annual Mobile Payments Conference in Chicago. "Why? Because passwords are easily broken."
Because companies facing these challenges realize they are at an "intersection of convenience and security" in developing new business models, many are seeking ways to include device identity as a key component in authentication, Theisen added. "We have to start validating this, there are too many ways to spoof identities."
In the meantime, the search is on for authentication tools that can improve upon passwords as the payments industry waits to see if biometrics ever takes hold at scale. The FIDO Alliance, in particular, has been active for more than five years in its pursuit of putting an end to traditional passwords.
The major card brands also continue to strengthen their security tools in this fight, with far more data analytics going on behind the scenes than in the past.
"The new generation of 3D Secure for two-way communication between the issuer and the merchant takes many data fields from the merchant to the issuer to do fraud scoring behind the scenes," said Debjit Sarkar, vice president of global payments partnership strategy at Visa. "This is leveraging big data and analytics to improve approval rates, lower customer abandonment and reduce fraud."
But players outside of the traditional payments industry will have far more say in the future, as those companies develop new security business models through software development kits and application programming interfaces.
"The word 'frictionless' creates this image of a smiling consumer going through checkout seamlessly with one click, but the payments industry has to think about what it takes to get to that space," said Benjamin Hurley, senior director of mobile product management at Apriva, a point-of-sale and mobile payments software provider.
To get there, many of the payment processing complexities that engineers and programmers face when integrating have to be trimmed back somehow, Hurley said.
"People creating these seamless experiences that require system or biometrics authentication are outside of the payments space," Hurley added. "What we are seeing is this sort of middle tier, a new business model, wherever you have friction or a problem you have entrepreneurs stepping in to fill that gap."
However, in the U.S. the advent of EMV chip cards and other security measures has created a certain level of complacency about standards, and it could leave the door open for other industries to lead the way on security, Hurley said.
"EMV, as a focus on security, is part of the payments space but it's not an industry unto itself," Hurley said. "When talking about the big data space, organizations like the insurance industry could step in and create risk-calculated algorithms and add them into the mix."
Such an advancement would remove the need for approaches like two-factor authentication or even the EMV chip cards, he added.
"If you can utilize big data and market intelligence to address that issue, we will see more innovation here," Hurley said. "The U.S. market is where innovation takes place."