User experience and security are a tough but necessary juggling act
With m-commerce transactions accounting for an ever-increasing share of online purchases, delivering the seamless experience that consumers demand remains the priority for merchants.
The increasing frequency, sophistication and impact of card-not-present fraud, however, is leading to the implementation of tougher compliance requirements from payment networks and regulators.
To be competitive, financial institutions (FIs) and merchants must implement robust fraud mitigation strategies, while continuing to deliver a simple, intuitive and fast payment process.
Easier said than done.
Strong customer authentication (SCA) using a dual-factor or multifactor approach is the foremost defensive tool that FIs and merchants can deploy. Although certain SCA technologies are prohibitively cumbersome, in some cases these more secure forms of authentication actually deliver a better user experience.
For example, replacing a traditional password with a fingerprint is not only more convenient for the consumer, it is also more secure. It is for these reasons that the adoption of biometrics as an authentication mechanism is growing so quickly.
Every technology has its own unique challenges, and biometrics are no different. Rather than searching for a silver bullet and relying on a single line of defense, FIs and merchants should adopt a layered model combining different approaches and technologies, tailored to their individual needs. They should also continually investigate new authentication technologies to ensure they keep up to date with evolving requirements.
Risk-based authentication (RBA) should be a key part of this layered approach. RBA involves testing a transaction against a series of parameters in real time, such as the device, the IP address, the location, and past behavior. If no anomalies are found, the transaction can be approved without invoking SCA. As this applies to the vast majority of legitimate transactions, RBA is perhaps the most powerful tool available to enable seamless, secure m-commerce transactions.
In parallel, it is important to keep an eye on the future. Regulations like PSD2 are enabling the emergence of new payment approaches. Merchants will potentially benefit from better service levels and at a lower cost than with traditional card-based models. As these payment methods diversify, merchants will need to establish specific approaches for each.
With the m-commerce space evolving so quickly, players should continually investigate new authentication technologies, payment methods and regulatory requirements to provide the perfect balance between user experience and security.