Reimagining Authentication for the Next Frontier of Commerce

Reimagining Authentication for the Next Frontier of Commerce

Reimagining Authentication for the Next Frontier of Commerce

Jordan McKee

Jordan McKee

Jordan McKee is a Research Director at 451 Research, a global IT research and advisory firm. McKee oversees 451’s Customer Experience & Commerce group while leading its coverage of the payments ecosystem.

More Info

Imagine the convenience of shaving 60 seconds from your total refueling time on a cold winter night by pre-paying on the dash of your car, or summoning last-minute groceries from your smart speaker in the midst of meal prep. Now reimagine how quickly that experience would be destroyed by a pop-up requiring a password or a request for a one-time passcode to complete the transaction.

For decades, the payments industry has relied upon static Personal Identification Numbers (PINs) and passwords for authentication. This framework has served us reasonably well to date, thanks to an ability to transcend channels — from ATMs and point-of-sale (POS) systems to e-commerce and mobile — by simply adapting the basic keypad to be rendered virtually.

David Andre headshot inside navy outlined speaker box.

The TSYS Take:
Read David Andre's point of view on fraud prevention

But what happens to this system of authentication as commerce extends beyond payment terminals, smartphones and computers, and into the fragmented ecosystem of connected objects in the world around us? Despite new technologies and new authentication standards arriving with the Second Payment Services Directive (PSD2 – more on this later), many emerging commerce endpoints lack the interfaces on which current-generation authentication systems have been predicated, spelling a need for a renewed approach to payment security.

IoT broadens the acceptance network

The internet of things (IoT) is ushering in the next frontier of commerce by embedding payment capabilities into the world around us. Dozens of IoT-payments projects are already live or in pilots around the globe, including with major equipment manufacturers and technology companies like Honda, Ford, GM, Samsung, Amazon and Garmin. From ordering pizza via the dash of your car to buying eggs from your fridge, these initiatives are serving to broaden the acceptance network by making commerce more accessible – and more impulsive – than ever before.

Many emerging commerce endpoints lack the interfaces on which current-generation authentication systems have been predicated, spelling a need for a renewed approach to payment security.

The bedrock for the connected commerce opportunity continues to strengthen. More than one in three U.S. consumers now own a smart home device (e.g., smart speaker, smart appliance) and nearly a quarter of automobile owners have a connected car.* Promisingly, many of these emerging connectivity platforms are becoming engrained into consumers' daily routines – including shopping. Take, for instance, that already half of smart speaker owners are using them daily, with a third using them for commerce-related activities* (e.g., creating shopping lists, buying products).

What is Strong Customer Authentication? A chart showing three items. 1) Knowledge 2) Possession 3) Inherence

As connected devices account for more and more of our purchases over time, the importance of the user experience will accelerate. Our industry must not only prepare to securely initiate, authenticate and facilitate payments across devices and endpoints that were not initially engineered for such – like appliances, automobiles or speakers – but they must do so in a matter that doesn’t mar the user experience, thus destroying the market opportunity. 

Addressing these requirements is already posing a mounting challenge. According to a recent survey conducted by 451 Research, 52% of merchants told us they are unable to effectively balance usability with security in digital commerce. 

Authentication reimagined for connected commerce

The global growth of digital transactions has demanded a deeper, industry-wide commitment to authentication and fraud prevention. In markets like Europe, regulation brought on by PSD2 and Strong Customer Authentication (SCA) is helping promote more stringent requirements for validating customers online. While well-intentioned, this regulation, along with others like the Reserve Bank of India's requirement for two-factor authentication, are largely built for desktop and mobile, and fail to take into full consideration where payments and commerce are migrating.

Our industry must build for a future where transactions are increasingly conducted on connected devices not initially built to handle payments – devices that render PINs, passwords and payment credentials too cumbersome to input, or lack the user interfaces to enter them altogether. In many IoT instances, it will be interfaces such as voice or eye motion — not touchscreens or keypads — that reign supreme. This will necessitate fundamentally new approaches to authentication that will champion low-friction methods like biometrics over manual data entry.

Encouragingly, early evidence of progress is beginning to emerge. At 2018's Consumer Electronics Show (CES), driver assistance vendor Gentex unveiled a connected car payment system in collaboration with Visa that leverages the review mirror to conduct an iris scan that sanctions activities like in-vehicle payments and tolling. In January, call center specialist Pindrop launched its Voice Identity Platform to bring voice authentication and fraudulent user detection to IoT endpoints like connected cars and smart home devices. These physical biometric approaches, utilized in conjunction with machine learning that analyze behavioral patterns in how users shop and interact with their devices, will be critical in ensuring that strong authentication can live alongside a solid user experience for IoT payments.

The requirement for layered approaches to fraud and risk management will only continue to grow under IoT. Existing architectures, such as EMV payment tokenization and 3D Secure 2, will play important roles in delivering the necessary frameworks to securely exchange data and execute payment transactions across new connected endpoints. However, that means eradicating static identifiers, and moving toward more dynamic, user-friendly authentication inputs.

The takeaway on the future of authentication

While existing frameworks like 3D Secure 2 and EMV payment tokenization provide important building blocks, IoT demands a concerted, industry-wide commitment to move toward strategies that begin to eliminate static PINs, passwords and payment credentials from commerce altogether. This will be imperative to securely scaling the IoT-payments opportunity in a manner that doesn't compromise the customer experience. Our industry has proven adept in collaboratively developing adaptable security technologies and will need to do so more than ever as IoT scales further.

Payment capabilities are quickly following the spread of connectivity, enabling any connected endpoint to become a platform for commerce. There's no reason to wait for regulation to mandate the types of authentication experiences that will be required to securely enable commerce in the IoT. The payments industry must start reimagining what authentication will look like across these new connectivity platforms and build for a future that simultaneously prioritizes both usability and strong security.

*Source: 451 Research

The statements and opinions of the writer do not necessarily reflect those of TSYS.

Other Articles by Jordan

Jordan McKee

Jordan McKee is a Research Director at 451 Research, a global IT research and advisory firm. McKee oversees 451’s Customer Experience & Commerce group while leading its coverage of the payments ecosystem. He focuses on digital transformation strategies for payment networks, issuing and acquiring banks, payment processors, point-of-sale providers and other payments industry stakeholders. His research helps vendors and enterprises assess the key implications of emerging technologies driving the digitization of payments and commerce.

Share this story via email or social networks

  1. You Know You've Been Part of the Payments Industry Too Long When…

    Tue Oct 30, 2018 09:00 AM

    You Know You've Been Part of the Payments Industry Too Long When...

    Categories: Articles and Blogs
  2. Winning at the point of sale in the convenience sector

    Mon Mar 18, 2019 12:02 AM

    Winning at the point of sale in the convenience sector

    It’s quite possible that there has never been a more pivotal time in the convenience-store industry. With the obvious exception of e-commerce, the convenience-store and club sectors are the only two other retail channels expected to grow over the next three years – and not nearly as briskly as e-commerce.more...

    Categories: Articles and Blogs
  3. Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Tue Jan 29, 2019 08:59 AM

    Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Categories: Articles and Blogs
  4. Why Your Business Needs to Accept Chip Cards

    Wed Mar 6, 2019 12:06 AM

    Why Your Business Needs to Accept Chip Cards

    It feels like forever ago that the EMV® Liability Switch took place on October 1, 2017. But even now, many businesses have not switched over to taking exclusively EMV (colloquially known as chip cards). more...

    Categories: Articles and Blogs
  5. Why the Payments Industry Needs to Hire More Veterans

    Tue Jul 2, 2019 09:00 AM

    Why the Payments Industry Needs to Hire More Veterans

    Tags: purdy
    Categories: Articles and Blogs
  6. Why It Pays to Be a Payment Facilitator

    Mon Jun 3, 2019 01:02 AM

    Why It Pays to Be a Payment Facilitator

    Payment facilitators. You already know of them and what they do, even if you’re not familiar with the term. In fact, PayPal®—which might be described as the original payment facilitator—is sometimes referred to as a kind of “Super Facilitator,” with Square® being a more recent player.   more...

    Categories: Articles and Blogs
  7. Why Isn't Mobile Pay Usage Spreading Faster?

    Fri Apr 13, 2018 05:52 PM

    Why Isn't Mobile Pay Usage Spreading Faster?

    Categories: Articles and Blogs
  8. Why is Fintech So Focused on New Payment Rails?

    Fri Apr 13, 2018 05:36 PM

    Why is Fintech So Focused on New Payment Rails?

    Categories: Articles and Blogs