The benefits of biometrics in Strong Customer Authentication

Monday 20 July 2020 08:34 CET | Editor: Andra Constantinovici | Voice of the industry

Ralf Gladis, CEO of Computop, walks us through the ins and outs of biometric authentication within the confines of Delegated Strong Customer Authentication requirements.

Biometrics have changed the face of electronic payments, becoming a crucial element in Strong Customer Authentication (SCA), the requirement of PSD2, the revised Directive on Payment Services. SCA ensures that electronic payments are transacted using multi-factor authentication, with biometrics as one of the possible factors, to increase security. The ability to transfer SCA from the issuer to the merchant via 3DS 2.0 became a reality with version 2.2, ensuring that the card-issuing bank could be confident that the authentication performed by the merchant is valid.

Why is SCA, and particularly a Delegated Strong Customer Authentication (DSCA), important? First, and significantly, an SCA delegation gives merchants an advantage over the issuer banks that should not be underestimated. In most cases, merchants can provide the customer with a much better authentication experience.

Merchants using biometric authentication during the payment process with Computop, for example, can transfer information that the payment was initiated with secure biometric verification to the card-issuing bank. This then waives any further authentication of the customer. The delegated authentication procedure is explicitly provided for in PSD2.

Although the user interface for SCA in 3DS 2.0 is much more harmoniously integrated into the payment process than in 3DS 1.0, a merchant's SCA embedded in the checkout reduces the risk of abandonment substantially.  

This is not least due to the fact that merchants without SCA delegation would require cardholders to authenticate themselves twice in certain cases — the first time to log into their customer account at the merchant and the second time to initiate the payment. This becomes even more cumbersome when using a mobile device.

This additional hurdle could result in consumers turning to other payment methods instead of credit cards, with the credit card losing popularity, or, more impactfully for merchants, in customers turning to other retailers where checkout works better. Customers desire expediency and ease, particularly when using their mobile device.

Fortunately, the major credit card schemes allow authentication to be outsourced from issuers to merchants, helping to negate the checkout hurdle. This also helps address other payment issues, as retail call centres wouldn't have to support dozens of different authentication methods. To be most successful, merchants should seek payment service providers that deliver the necessary infrastructure to set up the SCA delegation for both smartphone and browser payments.

Biometric authentication

Important for SCA, particularly via mobile devices, are biometric authentication options, for example, via fingerprint or face recognition. If the biometric recognition is carried out according to the FIDO standard, complete data protection and the security of the biometric features are guaranteed. Ideally, retailers should integrate the corresponding step at which SCA delegation takes place as early as possible in the purchasing process, for example, the moment customers log into the seller's app or their online store. Once this step has been taken, the relevant information can be sent to the issuer in encrypted form, together with the other data points relevant for 3DS 2.0, to prove that the merchant has already provided compliant authentication.

The FIDO standard brings together hardware and software so organisations such as Apple, Samsung, Google and Microsoft can support common biometric features. Fingerprints or face scans are only stored in a specially protected area of the device that the user utilises for recognition. The data is not stored as a reproducible file, but as a mathematical expression. When a confirmation request is sent to the device, the biometric feature is not transmitted; instead, it is the match of a key – a hash value – that is checked. If it matches the stored value, authentication will be successful.
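The following simplified sketch illustrates the FIDO-style flow described above: the biometric match happens on the device, and the server only verifies a signature over its own challenge using the registered public key. It is an added example, not code from the article or from Computop, and it is not full WebAuthn; `createAuthenticator`, `createServer`, the origin and the string used as a biometric template are hypothetical, constructed stand-ins.

```javascript
const crypto = require('crypto');

// Hypothetical authenticator (added illustration): template and private key never leave it.
function createAuthenticator(enrolledTemplate) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only value registered with the server
    sign(challenge, origin, biometricSample) {
      if (biometricSample !== enrolledTemplate) return null; // constructed stand-in for a matcher
      return crypto.sign('sha256', Buffer.concat([challenge, Buffer.from(origin)]), privateKey);
    },
  };
}

// Hypothetical merchant server: holds public keys and one-time challenges only.
function createServer(expectedOrigin) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32);
      pending.add(c.toString('hex'));
      return c;
    },
    verify(publicKey, challenge, signature) {
      // A challenge is accepted once, so a captured signature cannot be replayed.
      if (!signature || !pending.delete(challenge.toString('hex'))) return false;
      const payload = Buffer.concat([challenge, Buffer.from(expectedOrigin)]);
      return crypto.verify('sha256', payload, publicKey, signature);
    },
  };
}

function demo() {
  const origin = 'https://shop.example'; // constructed value
  const device = createAuthenticator('alice-fingerprint'); // constructed template
  const server = createServer(origin);
  const c = server.newChallenge();
  const sig = device.sign(c, origin, 'alice-fingerprint');
  const attempt = (o, sample) => {
    const ch = server.newChallenge();
    return server.verify(device.publicKey, ch, device.sign(ch, o, sample));
  };
  return {
    ok: server.verify(device.publicKey, c, sig),
    replay: server.verify(device.publicKey, c, sig),
    wrongFinger: attempt(origin, 'someone-else'),
    wrongOrigin: attempt('https://other.example', 'alice-fingerprint'),
  };
}
```

Calling `demo()` shows that only a fresh challenge, signed on the enrolled device after a local match and for the expected origin, is accepted.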

Security

Two-factor authentication within SCA is based on the use of two or more elements which are categorised as ‘knowledge’, something that only the user knows, such as a password; ‘possession’, something that only the user possesses, such as a smartphone; and ‘inherence’, something that is a personal or physical aspect of the user, for example, a fingerprint. These must be independent from each other.

While a password could be discovered as part of a phishing attack for example, or a device could be stolen, the biometric feature can only ever be linked to the person, which is why biometrics make a major contribution to the secure payment process. 

Convenience

There is the added benefit of convenience. Unlocking the smartphone by fingerprint or face scan is a learned habit; it is quick and does not require the entry of numbers or letters. This reduces the probability of last-minute cancellations of purchases when the customer is confronted with impractical passwords that have to be entered on a small smartphone screen. It’s no surprise that conversion rates increase with biometrics.

Merchants should strongly consider implementing SCA. The benefits are overwhelming, and as merchants "own" SCA, customers receive a more user-friendly experience, which will help to drive conversions. 

About Ralf Gladis

Ralf Gladis is the Co-Founder and CEO of the international payment service provider Computop – the payment people. In addition, Ralf acts as non-executive Director at Computop, Inc in New York. He is also responsible for the international expansion and strategic planning at Computop.

 


About Computop

Computop offers its customers around the world local and innovative omnichannel solutions for payment processing and fraud prevention, for e-commerce, at POS and on mobile devices. With the Computop Paygate payment platform, retailers and service providers have the flexibility to choose from over 350 payment methods. Computop, a global player with locations in Germany, China, England and the USA, has been servicing large international companies for more than 20 years, including global brands such as Amway, C&A, Fossil, Otto Group, Sixt, Swarovski and Wargaming. Computop processes transactions with a combined value of USD 34 billion in 127 currencies.
