Biometric Authentication – Too Good to Be True?
Thumbprint ID’s, facial recognition, iris scanning – biometrics are certainly the hot new factor in online and mobile authentication. Mastercard’s recent news that the company will allow customers to take a selfie to verify their identity when making online payments is further evidence of the growing trend. But do biometrics actually help businesses and their customers, or are they just providing a false sense of security?
While the technology of biometrics itself adds a layer of security and identity verification to transaction processing, it can still leave businesses vulnerable to breaches. In the case of Mastercard’s new selfie authentication, it’s entirely possible that a fraudster would be able to snag a selfie of their victim off Facebook or Instagram to use during the checkout process. Thumbprint authentication can also be easily duplicated – fraudsters had that security measure work around the day it was introduced on smartphones. There’s no doubt that sophisticated fraudsters have the ability to get their hands on someone else’s fingerprint.
When it comes to payment security and verification, what’s truly important is the platform built behind the biometric technology. Of course, biometrics can provide additional value when it comes to verifying a user’s identity, but fraud prevention really ties to the strength of the back end system. Companies must consider several strategies when it comes to providing secure yet efficient transactions. With each transaction, multiple methods to verify the customer identity and their payment method should be in place. Businesses should work with vendors who specialize in reviewing transactions for trends, to get a better sense of what fraudulent transactions look like, and use that information to stop fraud in its tracks.
Most businesses, especially retailers, aren’t experts in fraud – and that’s ok – as long as they have a partner in place who is. It’s essential to have processes in place to monitor all transactions in real-time to seek out similarities in non-legitimate transactions. Solutions also need to be flexible and predictive, so that the technology stays one step ahead as fraud evolves, and they must work seamlessly together so companies can better understand their customers and the context behind each order to prevent truly fraudulent transactions, while ensuring that legitimate ones are going through undisturbed.
In order to best protect against fraud and other threats, merchants need to do their research. There are conferences such as CNP Expo or Kount’s Fraud360 Seminar Series to help expose retailers to the different solutions available today. While most merchants are focusing on growing their mobile commerce, they must simultaneously identify and integrate the right security tools to prevent fraud as it occurs. Merchants need to be aware of the key areas to focus on in mobile. Working with a vendor who is well versed in the space will help protect against existing and new fraud techniques designated for the mobile space.