The realm of payments authentication is undergoing a shift.
In today’s digital era, where convenience meets security and organizations and individuals alike no longer need to make a trade-off between the two, legacy methods of authentication are increasingly giving way to a more intuitive, seamless and secure alternative: biometric authentication.
“The stars are aligning when it comes to [behavioral and market] conditions,” Entersekt Chief Strategy Officer and Co-founder Dewald Nolte told PYMNTS.
“People are getting used to logging into their favorite apps on their smartphones using biometrics daily, and using Apple Pay, Google Pay, Samsung Pay and those kind of wallets using biometrics to activate that payment, it is fairly well adopted in the market,” Nolte explained.
The last “piece of this magic combination,” he added, is that traditional technologies, like one-time passwords (OTPs), are being exposed as no longer good enough, creating a demand for more secure alternatives.
“We’re seeing very successful phishing campaigns in instances where these OTPs are being stolen,” Nolte said.
That is why the time is ripe for biometric authentication to take center stage.
From fingerprint recognition to the current Face ID capabilities on smartphones, biometric technologies have evolved to meet the demands of a changing landscape as they’ve matured, boasting high success rates and user acceptance.
“You don’t see a lot of challenges with consumers using those technologies anymore; the teething problems have mostly been resolved,” Nolte explained. “There are a number of solutions in the market, and they are working sufficiently well that they’re mainstream.”
The remaining nut to crack is scaling the use cases for biometric authentication, he added.
Nolte also emphasized the importance of differentiating between device-based biometrics (like those on smartphones) and server-side biometrics, which offer additional layers of security, especially in high-risk transactions.
“If you look at something like the checkout on your favorite online merchant, it becomes a bit more complex than using a mobile wallet,” he said. “Either the merchant themselves had to implement biometrics for their payment use case, or the payment service provider (PSP), or the bank that issued the card the customer is using to pay, has to implement it.”
While biometric authentication has become mainstream in certain applications, achieving ubiquity across various use cases remains a challenge. Nolte expressed optimism that progress is being made, with improvements in supporting biometrics in different transaction scenarios.
“I think 2024 will be the year we see some movement here, as the progress starts to become real,” he explained.
The potential synergies between biometric authentication and other methods will also help drive adoption and scalability.
Nolte explained the concept of context-based authentication, where the level of authentication is tailored based on the risk associated with a transaction. This could involve using different biometric methods or combining biometrics with silent challenges, such as geolocation verification.
But all that doesn’t mean traditional authentication and authorization methods are getting thrown out with the bathwater, so to speak.
Nolte acknowledged the payment and financial services industries’ push toward passwordless solutions but emphasized the need to design systems that can handle fallback scenarios, ensuring a catch-all approach for unexpected situations.
“We need to get to a point where the appropriate level of authentication is applied based on what the end-user is doing,” Nolte said.
“It will be a slow process, and it will take time for passwords to go away entirely,” he added.
As biometric authentication adoption enters the mainstream and scales across use cases, Nolte highlighted eCommerce payments as prime candidates for widespread biometric adoption.
The seamless integration of biometric authentication in eCommerce, and its potential application in age verification for restricted purchases, also hold potential, he noted, as do enterprise applications like call center authentication and account recovery.
In projecting the future of biometric authentication, Nolte pointed to the emergence of digital identity layers, citing the example of mobile driver’s licenses. He envisioned a future where digital IDs could streamline other authentication processes, making them more seamless and secure.
As technology continues to advance and consumer behaviors shift, the scalability and security of biometrics position them as a pivotal element in the future of authentication.