Biometrics the preferred second factor for strong customer authentication for mobile commerce
Biometric authentication will continue to be adopted for mobile commerce due to its combination of better security and improved user convenience as merchants apply multifactor-based strong customer authentication (SCA) in response to fraud risks and compliance requirements from card networks and regulators, according to a report from Mobey Forum.
“Authentication in M-Commerce: Balancing Risk and Experience” describes a challenging environment for mobile commerce retailers, as customer habits, fraud threats, and compliance requirements evolve. It predicts that U.S. Account Takeover Losses will rise from $392 million in 2013 to an expected $1.09 billion in 2020.
Despite this, reducing friction in the user experience is considered “very important” by 91 percent of those surveyed, while improving security and customer trust is considered very important by 68 percent, and “somewhat important” by 30 percent.
The report also discusses methods of SCA, including the EMV 3-D Secure messaging protocol and FIDO.
Biometric authentication is the second-factor technology of choice for 50 percent of those surveyed, far ahead of a software token or app running on the mobile device (20 percent) and one-time passwords (OTP) (8 percent). “Biometrics, however, are not a silver bullet and should be used in concert with other technologies,” the report authors warn.
They also suggest that the €30 threshold for applying SCA mandated by PSD2 is too low, and that risk-based authentication (RBA) is the most important tool for improving security and user experience.