Blog / Solutions Blog /

A simple and secured payment experience thanks to risk-based authentication

A simple and secured payment experience
thanks to risk-based authentication

Julien Gabillet

Global Product Manager & International Business Developer


A market under pressure

In the e-banking landscape, strong authentication is becoming the new norm to bring security in the relationship between banks and their customers. Indeed, market dynamics are pushing for more customer authentication.

Banks now bring more innovative services online and on mobile devices, which leads to more usages in e/m-banking and e/m commerce. While shifting to more and more digital interactions with their customers, banks must securely share this data.

Banks are also facing an increase in frauds on these new channels. Studies clearly show that implementing strong authentication reduces that fraud risk.

Rules and regulations also require the adoption of customer authentication. PSD2* and EBA** in Europe, FFIEC*** in the US, MAS**** in Singapore, and other regulatory bodies, identified strong benefits from customer authentication for issuers and consumers.

But security solutions available on the market add friction in the user experience. Customer authentication should not be seen as an additional layer, it must be integrated in the global process in order to have minimum impact on the user experience.


WL Access Control Server powered by Risk-Based Authentication, an efficient solution

As a global player in payment services and security, Worldline continuously invests in innovative leading edge solutions to answer these challenges.


WL Access Control Server is one of these solutions. It enables strong authentication for e-commerce and is compliant with the 3-D Secure standard. It includes a wide range of authentication methods, such as static password, SMS One-Time-Password and biometrics.

Now, Worldline combines two solutions, WL Access Control Server and WL Online Watcher, to provide a better payment experience in e/m-commerce. WL Online Watcher allows for real-time fraud detection and prevention, based on a serie of rules, by evaluating the risk of each transaction in real time. A risk score is then delivered to WL Access Control Server. Scoring rules are based on transaction data and also user device, merchant environment, and data analytics.

Clients can easily define their personalized strategy for Risk-Based Authentication on the solution’s intuitive administration interface. The following rules can be set, for example:


  • Low risk transactions are not asked for challenge authentication
  • Medium risk transactions require strong authentication
  • High risk transactions are declined


Advantages for banks

With the combination of these two solutions, the payment experience becomes simpler and banks can reduce costs of strong authentication methods in a smart way, while decreasing the level of fraud. Another advantage is the full compliancy with local regulations and future 3-D Secure 2.0 standard.

Moreover, banks can improve their fraud strategy efficiency thanks to Risk-Based Authentication. Indeed, this type of authentication uses transaction and context data, like device information, geolocation and cardholder behavior for example. These data inputs can be integrated in their fraud detection tools in order to refine their settings.

Advantages for merchants

Possible advantages for merchants are higher conversion rates and a better shopping experience. For instance, when a consumer frequently purchases the same goods from a safe merchant, for about the same amount, strong authentication is no longer required, giving the consumer a better checkout experience.

Digital identity, tomorrow’s strategic axis

Digital transformation is a key driver of today’s business. It opens new behaviors requiring new services and developing the cyber business. But speed and virtuality of contacts increase the risks of fraud.

And yet, trust is an absolute necessity for successful digital business as for our increasingly digital daily life. That’s’ why digital identity is its essential component. By easily creating a strong authentication, it reinforces the security.

Deploying such a solution is rather easy. Some players already have strong assets in hands to provide this digital identity for their clients. They know their client details and they are considered as trusted service providers. Banks or insurances are among them.

Coupled with a Risk-Based Authentication approach, digital identity creates the best conditions of success for developing your new businesses with a simple and secured user experience


* Payment Services Directive

** European Banking Authority

*** Federal Financial Institutions Examination Council

**** Monetary Authority of Singapore