Digital Identity and Authentication in the Financial Services Industry: Navigating a Digital Future

Digital authentication - pivotal to today’s world

Undeniably, digital authentication will play an increasingly pivotal role in our daily lives. In many ways, it already does. The financial service industry, backed by regulatory requirements, has emerged as a driving force in this evolution, especially in regard to more personalised and efficient user experiences. However, various other industries are recognising the significance of this form of authentication to secure access to sensitive digital content and data.

Organisations like the European Union (EU) are taking significant strides towards more comprehensive digital authentication. The EU is actively working on the introduction of electronic ID wallets, enabling individuals to store ID documents in digital form. This initiative is complemented by EU regulations, notably the eIDAS Regulation, which seeks to regulate electronic identification through ID wallets and accelerate their implementation. While not directly linked to financial services, a broader adoption of digital authentication will bolster existing payment integration and fraud detection methods. The EU has prioritised inclusion in payment transactions, supported by new regulations like the draft-stage Payment Service Regulation and the Accessibility Act. Consequently, payment service providers, especially within the EU, must make their offerings as universal and accessible as possible for all user groups.

Since the introduction of PSD2 (Payment Service Directive 2), innovative authentication methods have been widely adopted. Many leverage smartphones, ensuring both robust security and user-friendliness. However, not everyone has access to a smartphone, so discussions are already underway in the industry to make strong and user-friendly authentication accessible to a broader range of users. One potential solution is the integration of additional digital authentication channels, such as proving ownership of laptops, desktop PCs, wearables or even cars. This versatility will enable users to authenticate according to their preferences.

Compliance with regulatory requirements is imperative, but success in the modern age requires solutions that balance security and user-friendliness. This equilibrium is the essence of the "FIDO Alliance" (FIDO = Fast Identity Online). You could also read this in our recent announcement where we shared the news that Worldline has been certified by FIDO Alliance. FIDO is dedicated to establishing a standard for digital authentication on the internet that is password-free, user-friendly, and maximally secure. In alignment with FIDO standards, the World Wide Web Consortium (W3C) has introduced the Secure Payment Confirmation (SPC) as a practical example. SPC seamlessly integrates two-factor authentication into the browser, streamlining the purchase process by eliminating the need for additional devices or apps.

The power of data and artificial intelligence

In the financial service sector, the balance between security and user-friendliness is achieved via risk-based authentication (RBA). This practice, already a best practice in e-commerce payments, hinges on real-time algorithms that assess transaction fraud risks, facilitating rapid risk assessments. Importantly, this enables decision-making during the ongoing payment process, determining whether active user authentication is necessary while seamlessly processing in the background.

The efficacy of risk-based authentication is influenced by two critical factors: data input and the utilisation of algorithms. Organisations that harness these factors more effectively than their counterparts gain a significant competitive advantage in delivering top-tier digital authentication solutions. While merchants already transmit the necessary data to payment service providers, the potential for improvement is significant.

Artificial intelligence is crucial in this context, enabling continuous algorithm optimisation. In the future, the necessity for active authentication should be limited to rare cases, considering that most online transactions are legitimate. More clear signs of fraud can be easily identified and rejected. For many payment providers and merchants, offering a seamless customer journey is key. Therefore, utilising blanket fraud detection and security processes can negatively impact genuine users. As such, any means by which the impact on the user can be minimised while the level of security is increased offers benefits beyond just trust and financial security.

Complex fraud patterns require a creative defence

In line with the fast pace of today's payments and financial world, the modern fraudster is relentlessly seeking to outmanoeuvre and compromise new security procedures. One common target is the initial registration process, where third-party devices like smartphones are exploited as legitimate authentication factors.

These deceptive practices allow fraudsters to conduct transactions under the guise of authorised individuals. They use easily obtained information, like PINs, personal data, or passwords, used during authentication procedure registration. Phishing, spoofing, and social engineering further enable fraudsters to use the smartphone - a powerful tool for both genuine users and bad agents.

In response to this, future digital authentication may utilise indivisible proof of identity, particularly during initial registration. This method includes the use of physical objects (such as an ID card or banking cards) that require in-person scanning via a smartphone, which could be used to prove identity. This approach mitigates the risk of data being compromised which is inherent to methods like PINs. However, in using this, a slight compromise in user experience must be accepted to create a robust barrier against fraud.

Combating fraud requires a collective and conscious effort. Safeguarding one's digital identity requires a deliberate approach in today's digitally driven world. Authentication should only be processed in trustworthy and known processes. There is a human element to security, and a level of personal responsibility. This stands alongside technological advancements. Players in the financial and payments world need to recognise the need for creative approaches towards, fraud, and be willing to adopt different forms of authentication, whether completely, or partially digital.

To conclude

Digital authentication is a dynamic force with immense potential to enhance the security and convenience of digital interactions. The financial and payments industry has both the responsibility and the opportunity to bolster authentication security while streamlining the process for users. Although a "perfect" solution remains a work in progress, continuous innovation and adaptation are essential. As fraudsters persist in their efforts, data and artificial intelligence represent promising avenues for merchants and payment providers to maintain a competitive edge.

Ultimately, each individual must recognise the intrinsic value of their digital identity and adopt a conscientious approach to its preservation. As individuals become more aware of this, their personal demand for services and processes they can trust will increase. For this reason, it's of benefit for payment providers to lead the way in developing and implementing new forms of authentication that offer personalisation, flexibility, resilience and optimisation.

The growing scope of usable digital authentication cases promises to empower users in their digital journey, marking a profound transformation in our daily lives. Digital authentication is set to simplify many everyday activities, while bolstering security and user-friendliness in the financial service industry.

Read more about the Authentication and Security solutions here.

This article originally appeared in the German language in Ident Magazine.