Bringing authentication into the AI century

By Eran Vanounou, CTO, Forter

All organizations strive for strong security, high approvals, and a customer experience that feels effortless. Historically, frequent use of authentication tools like CAPTCHA, one-time SMS codes, and blanket 3DS coverage helped businesses do just that. However, today’s customer journey flows much differently than before, spreading across devices, shaped by automation, and powered by artificial intelligence (AI) assistants. What worked five years or even one year ago might already be standing in the way of creating impactful experiences.

Your authentication flow should work for you, not against you, and shouldn’t feel clunky or heavy. If it does, it might be time to rethink your approach.

How to tell if your authentication tools are stuck in the past

Does your organization frequently use CAPTCHA challenges? What about step-up verifications? Or even one-time passwords? If you answered yes, then it’s time for a reality check. Even though these legacy authentication systems are the ‘default’ and easy to implement, they often slow things down, frustrate mobile users, and increase abandonment. They weren’t built for how consumers – or fraudsters – interact with digital commerce organizations today, and they certainly weren’t built for an agentic AI-powered landscape.

For example, CAPTCHA challenges are frustrating for real users and easily bypassed by sophisticated bots, while one-time passwords (OTPs) via SMS or email delay the experience and can be intercepted or ignored.

Fraudsters have evolved alongside AI, meaning many of these authentication processes end up blocking good users more than bad ones. While that doesn’t inherently mean these tools are “bad,” it just means they’re out of touch with today’s digital experiences – and threats.

Think fast = fraud? Think again

Today’s shoppers don’t always act human behind the screen. From breezing through forms with autofill, hopping between apps and devices, and relying on personal shopping assistants or AI agents, today’s digital experiences are often not what we expect. They’re quick, fragmented, and may appear to be a bot, even if they’re not.

Authentication flows that anticipate outdated behavior and patterns, like expecting static sessions and manual inputs, aren’t able to keep up with the new normal of digital commerce. Patterns that used to look suspicious, including ultra-fast clicks and cross-device shopping, might be totally legitimate. However, if legacy systems can’t tell the difference, the experience of real customers will suffer. They might get flagged as fraud and experience friction, ultimately ending in a negative experience and a lost sale. Furthermore, you must choose the right authentication method in accordance with specific fraud MOs to avoid letting fraud slip through the cracks. That’s why it’s time to start designing for how people, and their tech, actually shop now.

Adept authentication alternatives

Leaders don’t need to choose between protecting their business and giving customers the smooth experience they expect. Modern authentication must be built on trust, timing, and intelligence, rather than interruptions. Here are a few ways to do this to reduce friction while staying secure:

• Identity-based trust scoring: Evaluate risk before the customer even reaches checkout. Make sure to choose the appropriate authentication method.
• Adaptive risk-based 3DS: Provides additional verification only for borderline risky transactions – creating peace of mind.
• AI-powered behavioral intelligence: Learns from each user session to become sharper – and more accurate – over time.
• Real-time decisions: Rich, actionable insights can power real-time decisions, bolstering the experience.
• Cross-functional alignment: Support the end-to-end customer journey with authentication by aligning fraud, payments, and digital teams.

When authentication is anchored in trust rather than friction, everyone wins.

Usher in a future of authentication, led by trust

Authentication needs to be just as dynamic as today’s fraudsters. It’s not about adding more steps; it’s about smarter context, stronger signals, and systems that can keep up. When trust drives your flow, authentication works seamlessly in the background, keeping real customers loyal and real risks out.

About the author

Eran Vanounou is CTO of Forter, a leader in ecommerce trust, fraud prevention, and identity protection.

Article Topics

adaptive authentication  |  authentication  |  digital trust  |  Forter  |  fraud prevention  |  identity access management (IAM)