Merchant Acquiring CEO, Europe at Paysafe, Andrea Dunlop discusses building consumer trust in authenticating payments using biometrics.
Over the last few years biometric technology has increasingly become a part of our everyday lives, whether we’ve realised it or not. For example we’ve been scanning our faces at border control, and using Apple’s facial recognition features and fingerprints to access our smartphones.
Yet despite biometrics becoming commonplace, it seems that consumers are still wary of their use in conjunction with their financial data, with over half (56%) still preferring the humble password to authenticate payments, according to our latest research.
However, using our biometrics will be key to authenticating card-not-present (CNP) payments once compliance with Strong Customer Authentication (SCA) legislation is enforced.
SCA is a new European regulatory requirement to reduce fraud and make online payments more secure. It requires authentication via at least two of the following elements: something you know (password/PIN), something you have (phone/hardware token) and something you are (fingerprint or face recognition). Ahead of the deadline, it’s clear that work needs to be done to reassure consumers that using their biometrics is both safe and secure.
The role of SCA for businesses
In April 2019, the card schemes introduced new rules in Europe enforcing the adoption of 3D Secure 2.0 (3DS2), the new EMVCo security standard that allows customers to authenticate high-risk transactions with confidence, in compliance with the SCA regulations. are therefore obliged to transfer all of their European partners to 3DS2 by the SCA deadline.
The new requirements introduce multi-factor authentication for both eCommerce and mCommerce. This means that, while passwords – a factor called “what you know” – are still acceptable, issuers should also implement other factors, such as “what you have” (for example a verification code sent via SMS) and “who you are” (fingerprints and other biometrics).
Implementing these authentication methods facilitates the potential removal of passwords from authentication entirely, which will enhance security as there are more layers to the authentication process, while also streamlining the payment process for consumers. This is a significant benefit to merchants with mobile retail channels in particular as all consumers would need to do is scan their fingerprint on their own smart device to make a payment. This would create a convenient and efficient user experience, which is key for consumers.
The introduction of SCA also will make a significant difference for consumers when verifying payments. 95% of all transactions won’t have to be manually authenticated as less low risk and low value transactions will not have to be verified, and many payment methods will either be exempt from, or out of scope of, the standard. Additionally, with the static password system of verification as the major source of consumer frustration when making a payment (and merchant irritation due to its role in driving up cart abandonment rates), replacing this with authentication systems that are not only stronger but have a better user experience is key.
Consumer appetite for biometric authentication isn’t strong
This shift to place biometrics at the heart of payment verification may appear to be a win-win in the battle to provide secure and convenient payments. However, ultimately consumer appetite to leave password-based authentication behind and embrace biometrics will determine its speed of adoption and ultimate success. A large proportion (79%) of consumers still favour passwords for making payments online due to concerns about the security of new biometric options. The primary reason consumers wish to avoid them (45%) seems to be a lack of trust, and many have also stated they do not know enough about biometrics to trust them (35%). It is now in the hands of card issuers, online businesses, and PSPs to inform consumers on the security benefits of biometric payments to build trust.
But while consumers have certain perceptions of the risks posed by biometric payments, there is still a clear appetite to adopt due to their convenience. Many consumers believe that using biometrics is a significantly quicker and more efficient way of paying for goods and services (62%). Also, there are significant number of consumers that are already using biometric authentication methods including fingerprint (42%), facial recognition (17%) and voice-activated technologies (12%). It’s clear that convenience is driving adoption, but there is still a way to go before it is fully mainstream.
Full adoption of biometrics: sooner rather than later?
For consumers, greater trust in biometric authentication means that they will soon be open to the frictionless benefits of password-free eCommerce on devices such as Smart Homes, connected fridges, and IoT-enabled vehicles. Like any new solution/product, however, it’ll take time to get used to but once consumers start using it regularly and trusting this method to authenticate payments then they’ll no longer fear using it.
Biometrics provide a great opportunity to smooth payment processes and reduce cart abandonment. But, without the right education consumers could easily put off customers and potentially lead to the reverse – more cart abandonment issues where passwords aren’t required. Merchants need to tread carefully and reassure customers that biometrics are secure and trustworthy in order to smooth the path to adoption.