The evolution of payments, from bartering and cash to credit cards and digital methods, created a need for authentication measures to ensure the validity of the payment methods. Offline and pre-Internet, businesses have been able to verify ownership of checks and credit cards by manually checking IDs. However, the advent of the Internet, combined with the accompanying shift into eCommerce, produced a demand for authentication capabilities that did not involve human interaction and were scalable.
Currently, one of the most popular methods of online payment authentication is using geolocation algorithms, where merchants can authenticate consumers by comparing their billing details to their physical location and IP address. Payment authentication methods are constantly evolving in an attempt to keep up with consumer and merchant needs, and as such, the future of online payment authentication holds some exciting advancements.
Here are 4 authentication methods we can expect to see in the near future:
1. Selfie (Photo) Authentication
One of the most exciting authentication methods utilizes a tool that the vast majority of consumers already own and use on a regular basis: the cameras on their cell phones. By downloading a special app, consumers will be able to take a selfie – a photo of themselves – at checkout. So far, this “selfie pay” authentication method was tested by MasterCard in 2015 and is expected to expand on a larger scale later in 2016. Amazon is also opening up consumers to this payment authentication method, with recent talk about filing for selfie pay patents. There is even a new e-wallet called selfiepay that consumers can install on their smartphones and use to pay for goods and services from participating merchants.
This authentication method will be particularly popular among the younger generations, as this is an activity they engage in on a regular basis, anyway. This facial recognition technology will also require blinking to ensure that a still photo isn’t held up to the camera.
2. Biometric Authentication
Facial recognition notwithstanding, the human body can offer multiple outlets for biometric verification. Eye scans have long since appeared in science fiction films as an effective method of verifying identity, however development for real-world application is already under way. Eye veins are unique and consistent throughout life, much like fingerprints, thus enabling accurate acceptance or rejection of the consumer.
Hand veins are an additional option for authentication. Vein patterns are mapped out in the consumer’s hand and cross-referenced with the credit card when performing transactions. Multiple cards can be assigned to each vein pattern, thus eliminating the need for carrying the physical card, which, in turn, reduces the chances of fraud.
Voice authentication is an additional verification method that is already in use by various banking systems worldwide to verify account ownership. Cards and mobile phones will be connected to the consumer’s voice commands with specialized software, ensuring a high level of authentication accuracy.
Finally, wearable devices, such as the FitBit, are becoming increasingly popular, thus enabling the use of heartbeat technologies to verify identity. Since these devices monitor the user’s heartbeat at all times, they know the user’s precise signature pulse, granting applications the capability to recognize the user easily by linking their heartbeat to their payment method.
3. One-Time Password Tokens
One-time password tokens are usually generated on the spot and valid for one login only. Tokens are generally sent to the consumer by text message and are often part of a 2-step verification process, such as PIN verification when requesting the token. Additionally, consumers can download password-protected applications that create one-time tokens for them to use on websites of their choice. As there is no single password, accounts are not vulnerable to replay attacks, meaning that even if a hacker was able to access this one-time token, he would not be able to utilize the token at a later date.
4. Multi-Factor Authentication Methods
Verification abilities can be divided into three distinct factors:
1. knowledge (such as a password, PIN, or an answer to a security questions)
2. ownership (such as a mobile phone or a credit card)
3. inherence (such as an eye scan or fingerprint)
By combining two or three of these factors together, consumers can achieve optimal security when performing transactions, and merchants can minimize the instances of fraud. Two-factor authentication is already used to amplify security for non-payment websites: Google, for example, has offered two-step account verification for several years. The next natural step is to apply this method to payments, as well.
As the Internet continues to evolve, and consumer lives shift online and to their mobile devices, the need for stronger authentication methods grows. Each online payment solution will need to adopt one or more methods of identity verification to both ensure the safety of their consumers and to minimize fraud. With security concerns continually growing, merchants will need to stay one step ahead of the game – if not two.