Visa says payment industry can move away from using passwords

World Password Day was “observed” last week and there is no better time to acknowledge that the computer password is over 50 years old. It was invented by Fernando Corbato in the 1960s. Since then, other ways for consumers to authenticate their identity have been developed and according to a Euromonitor study, occurred 52 trillion times in 2016.

However, traditional methods of entering a password, mother’s maiden name, high school mascot, or other types of knowledge-based authentication have frustrated even the most patient consumers when the information is forgotten, stolen or has been typed onto tiny keyboards. More importantly, there are more secure ways to verify who you are.

Time for change

Visa believes the payment industry can move away from passwords in the next five years.

Advancements in authentication and anti-fraud technologies are already making static cardholder verification (CVM) methods such as signature and PINs safely optional for merchants and issuers in some environments. In October 2018, signature became optional for EMV Chip-enabled merchants on the Visa payment network due to the security capabilities of the chip. Financial institutions and merchants can also share 10 times more data with each other than ever before for advanced risk-based decision-making to authenticate buyers from any connected device or app, often without asking the consumer to do anything at all. And the growing sophistication of artificial intelligence is making fraud detection faster and more accurate, which opens up new possibilities for new products and services because of consumer confidence in secure payments.

As the ecosystem evolves to be more secure, Visa envisions a future where we can reduce or eliminate the use of legacy verification methods as we continue to implement capabilities that leverage artificial intelligence and biometrics.

Biometrics is an authentication strategy that fits the modern payment system — a system shifting in transaction volume from in-person to digital transactions. Biometric authentication can deliver a frictionless payment experience for account holders while providing advanced authentication security and identity management for merchants, issuers, and acquirers to prevent fraud.

A survey commissioned by Visa in 2018 showed that consumers are showing more concern about the safety of their personal information, going from 65% in 2017 to 85% last year. Because of this, they welcome the use of biometrics as faster, easier, and more secure alternatives to passwords. Seventy-three percent of Filipino consumers are interested in using biometrics to verify identity or to make payments. With advancements in mobile devices increasing the accuracy and speed of fingerprint and voice biometrics, the time has never been better to integrate biometric technology into banking apps and payment experiences for customers.

For security-minded individuals, mobile device manufacturers have addressed concerns about stolen biometric information by storing and encrypting biometric templates — algorithmic representations instead of actual biometric attributes — locally on consumer-owned devices instead of the cloud. This ensures an individual is always in possession of their personal biometric data with the option to delete the data at any time. In addition, authentication accuracy is bolstered by liveness detection used by biometric scanners and software that can identify if a fingerprint is copied or a facial scan is of a mask.

It’s been roughly six years since fingerprint sensors were integrated into consumer smartphones and in this short amount of time, consumers have grown increasingly comfortable with the approach. The need for quick and easy authentication will only increase with the growth of digital products and services, and remembering unique passwords for every internet-connected device or app is untenable. Moving your product or service away from using passwords to some form of biometric authentication is not only imperative — it can be effectively done today.

World Password Day Infographic.gif

Tips for managing logins

Switch to biometric authentication, if available
Physical biometrics are much more difficult to replicate. Criminals would also have to take the extra step of stealing your hardware device in order to commit payment fraud. Many mobile devices and apps offer users the option to switch to biometrics to verify identity or make a purchase.

Turn on alerts or notifications
No solution is 100 percent foolproof and alerts are a good safeguard in case your login credentials are compromised. You are notified if your account is being accessed from a new device for the first time, even if legitimate credentials are used.

Use a password manager to manage and generate complex passwords
If switching over to biometrics isn’t an option, use a password manager from a reputable solution provider to store the passwords for your online accounts. Some password managers also help generate strong, complex passwords so you don’t have to struggle coming up with them on your own.