Fraud is still among the top concerns for online merchants and their customers, even as the eCommerce industry explodes in growth and becomes a necessity in all our lives.
Fraud threatens merchants with possible financial exposure from unwanted chargebacks and jeopardizes their customers’ trust and loyalty. For shoppers, fraud makes it difficult for them to make a purchase (at best), and seriously threatens their private financial information (at worst).
On top of fraud risk, providing a frictionless transaction experience is optimal—and your customers expect it. To avoid cart abandonment, merchants need to give shoppers a payment authorization and authentication experience that is efficient, easy and quick.
Biometrics data improves the authentication process
In a recent webinar hosted alongside Stefan Cenusa, 2Checkout’s Product Manager in Payments, we addressed how the modern commerce ecosystem has begun to employ user biometrics data in faster and safer ways to clear payments.
Biometry is the physical or behavioral characteristics that can be used to digitally identify a person, as a security measure, and are part of the implementation of SCA, which was triggered with the introduction of PSD2.
Biometrics work as the identification part of the payment flow to authenticate the shopper to confirm that he is the legit user of the payment method. Biometrics can be physical, like a fingerprint, iris scanner, or facial ID; or behavioral, like navigation / keystroke patterns or physical movements unique to the individual.
Overview of PSD2, SCA, and 3D Secure 2
Before diving into biometrics, we started off with a “primer” on PSD2, SCA, and 3D Secure 2. We walked through the authorization process (whereby the issuing bank verifies the validity of a payment either by card or alternative payment method, so the transaction can go through) and then described the added step of authentication. In this step, the consumer must prove to the issuing bank that it is, indeed, him/her who is performing a transaction.
Strong customer authentication (SCA) is defined as “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows, like a password pin, or secret fact), possession (something only the user possesses, like their phone or smart card) and inherence (something the user is, like a fingerprint, voice patterns, etc.).
3DS2 adapts to SCA using multi-factor authentication (MFA), which includes biometric authentication such as fingerprints or facial recognition, and QR codes than can be scanned by mobile applications.
During the session we got a chance to share striking statistics that illustrate why SCA is so important:
- eCommerce fraud losses in Europe have recently been as high as 2.1 billion USD dollars/ 1.8 billion euros
- CNP (Card Not Present) transactions are more likely to be declined (15-20% versus in person at only 2-3%)
- Of all fraud, CNP is most common at 75% of cases
- Password authentication is outdated and vulnerable, and leads to 20-25% of cart abandonment
- After being falsely declined, 33% of consumers stop using the card or use it less
- 58% of consumers, when questioned, are positive about new solution alternatives
In explaining the background as to why biometrics are beneficial, we also covered:
- Variations that determine whether SCA is required and who bears the liability (the issuing bank, the acquirer, the PSP/processor, or the merchant), depending on the location of both the merchant and shopper
- Transaction exemptions and what payments are deemed out of SCA scope.
SCA exceptions
Biometrics make payment authentication more secure and successful
This session also offered the opportunity to present live demos of how biometrics verification works:
- The consumer clicks “Buy” on the product page
- The consumer is directed to a page where they fill out their payment info, including the card they are using
- Biometrics are used to confirm that the consumer is the card holder and the individual making the purchase. Two of the options we showed flow examples for in this session included:
- How shoppers can use their fingerprint (which can be recorded with an optical or a capacitive scanner), or
- How they can use a combination of facial recognition and QR codes, an approach which requires that the consumer has a modern smart phone, or a phone camera or infrared sensor. This latter method used to be unreliable but has become more and more safe and efficient.
As you’ll see from the demos we did during the full session, biometric authentication flows occur seamlessly. Boost in CR numbers is one of the main drivers for biometric adoption – a faster checkout experience has been demonstrated to increase cart conversion rates. As our example showcases, all the user had to do in the FaceID/QR code use case was to scan the code and that was it! No extra payment details were needed to be introduced, given that the alternative payment method connected directly to the bank application, and subsequently verified their identity via face scan.
Because of the speed with which these transactions occur and given shoppers’ preference for these expedited flows, we expect to see QR code authentications more frequently in the future. As shoppers start expecting these effortless checkouts, and as the process performs much better in terms of cart conversion rate, more companies are expected to start implementing QR codes in the near future.
Threats to biometrics and what to expect in the future
Unfortunately, even as these new measures are used to prevent fraud, the fraudsters continue to get better at outsmarting technology. Deepfake is an example of technology that can bypass face recognition software, for example, and fingerprint scans can also be fooled.
But the future is positively sci-fi, as we hope our webinar evidenced. One of the latest technology advances in biometrics includes vascular pattern recognition, an improvement on fingerprint scanning. Because the vascular patterns under the skin of every individual are unique, this can be used to further authenticate a payment. Gait recognition and movement patterns / cadence of the fingers, eyes, and hands are also being developed and improved.
Clearly, the age of passwords is coming to an end, with biometric payment authentication on the near horizon. As this webinar makes clear, biometrics offer a great opportunity to streamline payment processes, help prevent fraud, and decrease cart abandonment.
To learn more about how biometrics are shaping the payments industry, watch the full session here.