Remember how preventing fraud with 3D Secure used to disrupt e-commerce transactions, frequently leading to cart abandonment and, no doubt, a fair amount of frustration for customers? Risk-based authentication eliminated friction from consumer transactions long ago. Originally adopted by the financial services industry, where it’s now widely deployed, risk-based authentication has become a familiar experience for customers, and it’s gaining popularity, particularly within the latest 3D Secure 2.0 protocol.
As the name suggests, risk-based authentication assesses each transaction based on specific attributes known to contribute to risk, such as the user’s device, behavior, and location. For example, RSA research shows a three-fold rise in fraud when a transaction originates from a new device. Only if the transaction is deemed risky will the user be asked for additional verification—and this occurs in less than five percent of logins and transactions on average.
The Problem with Passwords
Risk-based authentication is, however, only as good as that extra level of verification. That’s why the European Banking Association Payment Service Directive II (PSD2) recommends a combination of risk-based authentication and biometrics to secure financial transactions, acknowledging just how insecure the prevailing method of authentication—usernames and passwords—actually is.
Today, the prevalence of password breaches has made them the top cybersecurity concern among 60 percent of consumers, according to a recent survey. But consumers don’t always act on their concerns—more than one in four use the same password for most of their online accounts.
Do Your Customers Trust Biometrics?
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Heidi Bleau. Read the original post at: http://www.rsa.com/en-us/blog/2018-01/how-to-solve-the-consumer-authentication-conundrum.html