The growth of biometric authentication under SCA

The first day of 2021 was potentially the most significant of the year for the payments industry. That’s because, after several delays, the deadline for Strong Customer Authentication (SCA) enforcement under the EU’s second Payment Services Directive (PSD2) has now passed. This regulation mandates that issuers no longer take a risk-based approach to card-not-present transactions; payments that do not satisfy the criteria laid out by the directive will be blanket declined.

And while we are yet to see the full effect of this regulation – in many cases local regulators have implemented their own phased implementation of the regulation as issuers’ readiness varies from country to country – there is no doubt that in the long term the impact of SCA will be seismic.

What is Strong Customer Authentication?

In simple terms, Strong Customer Authentication mandates that issuers demand ‘multi-factor’ authentication for all card-not-present transactions, except those that are either exempt or out of scope. The factors that consumers can use to identify themselves are grouped as knowledge (something the user knows), possession (something the user has) and inherence (something the user is).

The consumer must verify a payment using at least two methods and they must be from different groups e.g. one that the consumer knows (a user generated password) and one the consumer has (a one-time password delivered to the consumer via an SMS).

Why merchants are concerned

Online businesses have remained sceptical about the introduction of SCA, and specifically 3D Secure 2 (3DS2), the EMVCo solution that will the primary method for compliance with the directive. This attitude is heavily influenced by the experience of integrating the original 3DS solution for authenticating online payments. The additional security at the checkout vis 3DS had a significantly detrimental impact on conversion rates when it was introduced, and there is concern from merchants that forcing customers into even greater security procedures will yield the same results. By compelling merchants to offer at least two pieces of information for verification when a payment falls within the scope of SCA, there is a belief that the compound impact of a more confusing and laborious checkout process will inevitably lead to even higher levels of cart abandonment.

The move to biometric authentication: how SCA will change consumer payment habits

The first thing to note is that consumer appetite for greater security measures at the checkout is perhaps stronger than businesses realise. Last year we commissioned a survey of 8,000 consumers globally which included questions about the current level of security they face when completing transactions online. Only 18% of consumers told us that they thought the balance between security measures and the convenience of the checkout process was currently about right. 76% said that they would like to see stricter security measures implemented, and an even more telling 51% said that they would tolerate any level inconvenience if it meant that their payments were more secure. So overall, there are strong arguments that consumers will be more favourable of a payments process requiring multi-factor authentication not less, and therefore that online checkouts that are 3DS2-enabled will actually enhance conversion.

The second is that, in many cases, the introduction of SCA and 3DS2 will actually improve the checkout experience rather than impair it. The original 3DS was launched in 1999, relied exclusively on password authentication, and was designed solely for desktop eCommerce. Over the past few years online shopping trends have been driven by a shift towards mCommerce, both via mobile browsers and especially in-app. The manual entry of passwords on a smartphone is an even more cumbersome process than on a computer, driving away those consumers that are unprepared to be inconvenienced for the sake of security.

Where 3DS2, designed with the mCommerce shift in mind, will drive a significant shift in consumer behaviour, is the adoption of biometric authentication. As biometrics is one of the three authentication factors of Strong Customer Authentication (what the user is), and the user experience is much smoother than password recollection and entry, there is a compelling argument that 3DS2 will improve the security and the convenience of the online checkout.

The consumer perspective

There are clear use cases where biometrics have already become the norm for a lot of people. The largest of these biometric projects globally is the Aadhaar identification project in India which stores biometric data of 1.25 billion people. Other global industries where personal authentication is essential, such as travel and border control, are also rapidly turning to biometrics as a solution to their issues which have been exacerbated by COVID-19.  

So biometric authentication is already a compelling proposition for many, and adoption will continue to accelerate substantially as the dual benefits of biometric authentication become even clearer under Strong Customer Authentication. Consumers that want a more secure online checkout will become educated on why biometrics being safer than passwords, and those that rely on speed at the checkout will prefer the ease of facial or fingerprint recognition over password entry. This growth is one reason why Juniper Research has already predicted that biometrics will be used for more than 18 billion transactions in 2021, with a value exceeding $210 billion.

This article was originally published by The Fintech Times.