Providing consumers with a secure alternative to an ever-increasing number of passwords and profiles without compromising convenience is the latest frontier in driving consumer acceptance of new forms of payment. Success in this field has the potential to outstrip the opportunity for payment innovation that has dominated the industry’s last decade. PCM takes a look at the growing market in digital authentication technologies.
by Simon Hardie
Solving the challenge of providing a robust, convenient technology that can protect consumer digital identity is fast becoming the Holy Grail for the payment technology industry. A relatively recent phenomenon, the concept of digital identity officially refers to the range of online profiles, cardholder details, loyalty schemes and social media accounts that make up a consumer’s identity online and that is increasingly encroaching on the physical world as methods of identity verification converge.
From whichever angle you look, the need for an urgent solution is obvious. Identity verification relies on technology – usernames, passwords and PINs – that is aging, having been in use for about 50 years. An Experian report in 2012 found that the average internet user has up to 40 online accounts. A separate study also revealed that consumers tend to rely on no more than five different passwords across all their accounts.
At the same time incidences of fraud in the online world are increasingly common. A survey of shoppers in the US in November 2014 showed that nearly 60% of consumers at retail stores had been notified of a retail data breach in the last two years.
Unsurprisingly, and in the wake of high profile data breaches over the last year at Home Depot and Target in the US, consumer demand for new methods to protect their security are also growing. The same survey also highlighted that 79% of consumers want to know what retail stores are doing to protect a consumers’ identity (see chart).
Data breaches at US retailers are one part of Barack Obama’s executive order in October last year to speed up the adoption of EMV. The drive for new methods of identity protection however are not confined to the US though where the continued use of the magnetic stripe for point of sale transactions has left retailers and consumers at risk of fraud.
In Europe, where chip and PIN cards are ubiquitous, fraudulent activity has jumped the channel from point of sale to online. With the growing connection between online profiles, identity verification and online commerce, risk of fraud is likely to increase without the introduction of a new, convenient form of authentication.
The technology itself does not necessarily have to be completely new to be successful, as the launch of Apple Pay in October last year has shown. Apple Pay has breathed new life into tokenisation and host card emulation – technologies that have been around for a decade or more. What matters is ease of use, combined with a method of authentication that has been specifically adapted to the digital world by moving away from static passwords or PINs and over-reliance on the sanctity of the card number.
With financial technology firms awash with investment funds over the last few years, companies that specialise in digital security are gaining increasing attention. In part this is because consumers are now much more comfortable with m-commerce, and technologies such as Apple Pay that enable quick authentication with a phone or other payment device at the point of sale are gradually entering the mainstream.
An example of this new wave in authentication is Zwipe, a Norwegian start-up that raised nearly $4 million at the end of 2013 to fund development of a contactless payment card with an on-card fingerprint scanner. The company has drawn attention from a wide range of financial institutions around the world, especially from emerging markets, where lower levels of numeracy or literacy require innovative solutions to traditional methods of identity verification.
“PINs and passwords get in the way of payment transactions. With a card that is activated using your thumbprint, the consumer doesn’t even have to think about the payment, they can just get on and buy. This is especially attractive in emerging markets where lower levels of education and financial literacy make it harder for banks to keep their customers safe. For us security is strongest when it simply disappears,” says Kim Humborstad, chief executive of Zwipe.
Another firm that made headlines at the end of 2014 is Duo Security when it raised $12 million in September, investors included Google’s venture capital arm. The company, launched in 2010, specialises in providing two factor authentication technology for mobile and desktop operating systems.
Duo Security CEO Dug Song says the market for stronger authentication has seen a step change over the last five years in particular as automated fraud has proliferated, “we saw the first automated banking trojan in 2005 but really since 2010 there has been a dramatic shift in the way that attackers online have been working, in particular with regard to automation.”
Duo and Zwipe are just two of a number of digital security firms that have been successful in attracting investor interest over the last year (see table). The challenge ahead for these smaller early-stage digital security firms however is the need to build recognition, and scale, in an industry dominated by giant banking brands, and where making customers feel secure relies on banks own initiatives to inform the customers of the measures they are taking to protect them. Banks themselves are also often reluctant to reveal that they are partnering with external suppliers, particularly in the area of data security technology, making that challenge harder still.
Start-ups Duo and Zwipe have already made some progress. Duo in its ability to persuade some of its customers in the US to co-brand its technology, something that it hopes one day to convince a top 4 US bank to do, and Zwipe with the launch of its Zwipe MasterCard where the payment scheme acted as equal partner at the launch and in the communications activity afterwards.
With the rise of smartphones and the continued rapid migration of consumers online, the rewards from a solution that can ensure customer safety, with a process that is as friction-free as possible is huge. Average online cart abandonment rates across Europe and the US were 68% in 2014 , while a consumer survey showed that more than one in five customers abandoned their purchase because the process took too long to complete .
The jury is out on whether consumers will ever be persuaded to give up all their current PINs, passwords and other forms of authentication for a single digital identity. Although there is perhaps an opportunity for platforms such as Apple or Google to help consumers manage their online identities better. One thing is certain though – as digital commerce grows and digital identity encroaches into the physical world, the race has only just begun.
The post The race to protect digital identity: the next frontier in payment innovation appeared first on Payments Cards & Mobile.