As consumers warm to biometrics, there's no reason to stick with passwords

Register now

Consumers are clearly aware of the online dangers and have shown a preference for authentication methods such as physical biometrics.

With this endorsement, online companies should implement the latest authentication solutions, especially those combining physical with passive biometrics, to ensure the security of their customers while providing a streamlined experience.

Once companies can recognize their customers without constantly asking for a password, security questions or one-time codes, they can shower them with key benefits and reward points to enhance the shopping experience while bolstering their brand.

Overwhelming online cybercrime is the reason behind the constant development of new verification technologies, including passive biometrics.
A new report by the research firm Blink and identity authentication technology company Trusona shows that consumers are adopting these new passwordless technologies to secure their accounts. The study found that more than 70% of consumers will choose passwordless multifactor authentication (MFA) over traditional usernames and passwords if given a choice.

The study was done over the course of three weeks where participants had to log into a fake gift-giving website. They had two options to log in: username and password or a passwordless MFA option. The participants didn’t know the real goal of the study, to make sure they weren’t biased. At the end of the experience, they were asked about their login experience with the different options.

Another interesting finding is that, out of 70% of consumers who chose MFA, 17% had initially chosen username and password. When they logged in next time, they switched to the passwordless option and maintained the choice during subsequent interactions.

This shows that consumers are ready to move from passwords and usernames to more secure authentication methodologies. Using physical biometrics combined with behavioral analytics allows companies to verify users accurately without adding unnecessary friction or tiresome security questions, while detecting any unauthorized activity before it enters the environment.

Multilayered solutions that include these technologies analyze hundreds of data points throughout a session and create an evolving profile of a user across the sessions. Passive biometrics and behavioral analytics are technologies that can provide this level of monitoring without adding friction to legitimate users. The system will only request a physical biometrics scan when there is a risk — thus creating more convenient experiences for legitimate users.

The lock at login can be easily attacked by hackers. For this reason, determining if there is a real customer or an impostor at the door is tricky business. Blackhat hackers keep evolving ways to abuse login through brute-force attacks and other automated exploits that test passwords until one works. From there, it is a straight shot to the account and then the transaction.

These mass-scale undercover attacks make it difficult for organizations to detect them on time. This is where technology needs to battle technology. Multilayered solutions that track scripted behavior and analyze hundreds of data points throughout a session can immediately detect anomalous or automated activity.

The moment a behavior is compared to a user’s historical data, the online organization can interdict to verify that specific user. This way, even if a bad actor finds the correct credentials, they won’t be able to access the environment because their behavior will be flagged. For example, unsuccessful login information can reveal that a script has opened an account after 250 attempts from different IPs on the same week, which is a clear sign of fraud and can be blocked right away.

These systems act as an early-warning system, alerting online companies when a user is behaving badly, even if it is the first time the user is approaching their site.

For reprint and licensing requests for this article, click here.
Retailers Authentication Biometrics Payment fraud ISO and agent