Interview with Ulrike Rahnama
Ulrike Rahnama is Director of Issuing Processing & Analytics in our Global Business Line Financial Processing & Software Licensing. She joined the company in the mid-90s.
When it comes to payments, how has authentication changed and improved in the last few years?
Online payments were first made available to merchants about twenty years ago and, from the get-go, the main point of friction has always been buyer authentication, and therefore payment guarantee.
When global regulations, such as 3DSecure, appeared, it became mandatory to authenticate buyers in order to guarantee payments for merchants.
The implementation of 3DSecure was not an easy task for all the actors of the online payments’ value chain because, when this regulation first appeared:
- User experience was not optimal.
- Security and authentication methods were not as strong as what they are today.
- Some solutions, using, for example, OTP* via text messages or USB tokens were quite costly to maintain.
Nowadays, an efficient authentication solution must be able to address these key issues. In addition, payment regulations, such as PSD2 or the EBA guidelines, explicitly require strong authentication for online payments, whereas only authentication like 3DSecure was required a few years ago.
What is our WL Trusted Authentication solution and how does it work?
WL Trusted Authentication is a solution designed and developed by Worldline to address our customers’ needs for end users’ strong authentication when using online services with strong requirements around security, while maintaining an efficient user experience.
WL Trusted Authentication can replace other authentication solutions from simple password to hardware-based solutions; it can be used for many kinds of use cases, where there is an online interaction between the end user and the online service, in different types of context, such as banks, insurance, retail, telecommunications and more.
Furthermore, WL Trusted Authentication is a state-of-the-art solution capable of addressing upcoming regulation challenges for banks.
Concretely, our solution is a software-based strong authentication token which can be deployed on mobile or non-mobile devices. WL Trusted Authentication is an on-the-go solution and can be used anywhere, anytime and on any devices, as it mainly takes the form of a mobile solution for end users.
WL Trusted Authentication now comes with FIDO** compliancy. What is the FIDO standard and how does this enhance our solution?
FIDO is a renowned technical specification, based on open and interoperable set of mechanisms, for online strong authentication. It is currently supported by more than 200 large IT companies, including some of our main customers and partners. That is why we consider FIDO as one of the most interesting and promising market standard. Additionally, the fact that the specifications, such as the concept and the user experience, of the FIDO standard closely align with the way we have designed our WL Trusted Authentication, made it clear that we needed to embark this open standard in our solution.
In doing so, we can offer our customers an alternative and seamless way to implement trusted authentication in a very standard context. Additionally, because the FIDO standard is interoperable, it allows a plug-and-play implementation of our solution for our customers whose systems are FIDO compliant. Finally, the coupling of our strong authentication with FIDO interoperability opens up new business opportunities for our customers but also prepares them in terms of compliancy with upcoming regulations.
Thank you for your time today, Ulrike. I will leave you with one final question:
if you could invent a new innovative solution to help with one of your daily tasks, in your professional and/or private life, what would it be and why?
Identity checks are omnipresent in our professional and private lives and it can be cumbersome with multiple different passwords and settings. In order to alleviate that, I would create a cloud-based global digital passport that would support all use cases of identity check.
* One-Time Password
** Fast ID Online