Mobile devices, biometrics and identity tokenization are helping to make passwordless identity authentication a reality, Rodger Desai, chief executive of Prove Identity, told Karen Webster of PYMNTS.
The payoffs are huge for consumers, Desai pointed out, because they won’t have to rack their brains to remember passwords or write them down to lose the post-it note. Companies that take advantage of passwordless authentication technology won’t find their call centers and support staff besieged by frustrated customers having trouble logging in. Security teams will have an easier time protecting themselves against hackers. And for merchants and banks, consumer loyalty increases because they are able to personalize transactions and interactions with data authorized by consumers.
Consumer behavior is indeed changing. Desai explained that people navigating the digital shift have found it easy and attractive to apply for a credit card or deposit account with just their phone number (Prove, he said, has been a key part of this). innovation). You’ve probably received a one-time password (OTP) text message to get the green light for a transaction or to log in to a site. But that’s just the beginning, Desai said. Forward-looking enterprises are already taking advantage of more advanced identity authentication technology that addresses some of the security vulnerabilities, cost and experience issues of OTPs.
“I just don’t think banks or merchants can bear their overreliance on OTP SMS any longer,” Desai told Webster.
Among its other lines of business, Prove secures a significant amount of OTPs for major banks and even bought a company, Authentify, from Early Warning, which provides layered digital multi-factor authentication.
“We secure them,” he said of OTPs, “but they are very expensive.”
They can also be easily manipulated socially, making entities and individuals who use them vulnerable. And traditional risk-based authentication models in banks and merchants tend to be random, as they use transaction history and large amounts of data to try to determine customer identities.
On the consumer side of the equation, Webster noted that there is continued comfort in using fingerprints/facial IDs to unlock devices to transact in an increasingly contactless world.
This confluence of factors, of using technology to prove that the person showing up on a site is authorized to use that site, underpinned Prove’s latest effort to essentially integrate authentication passively into digital experiences via the key cryptography of each mobile device.
“The key here is to come up with something more deterministic, because that’s the most accurate way,” he said of authentication – and that’s an improvement over ” guess” based on behavior patterns.
Prove Identity last month announced the launch of Prove Auth, which leverages something almost everyone has: the phone and more specifically the phone’s cryptographic key (that’s the SIM card). Prove’s Telephony Identity Network creates and issues consumer-level identity tokens that are linked to these SIM cards.
These encrypted identity tokens, he said, are already used for KYC purposes or to pre-populate a request (with explicit user consent). Desai predicted that this year the company will perform over 60 million pre-fills in the United States. The tokens themselves can be issued in real time as consumers get new phones or change numbers, ensuring a continuum of data protection and privacy. A consumer can use their phone to create an account with just a few clicks and then be prompted to decide if they want to skip the password.
The Financial Information Binder Moves With Consumers
According to Desai, merchants and financial institutions are going to get heavily involved in mobile-centric crypto authentication.
The day isn’t far off when his face launches an account and gives the (literal) nod for authorized data to be in a wide range of use cases. In this case, if a user’s phone alerted the consumer that, hypothetically, Carvana wanted the potential car buyer’s identity, income, credit score (all frictionless), and the authorization was granted, the best personalized offer could be proposed on the place.
“It’s like a privacy-enhanced filing cabinet for your financial information,” Desai said. This workbook moves with the individual in daily life with their permission, so as to generate “real value for everyone – for the merchant, for the bank and for the consumer”.
The passwordless future may have been a long time coming. But, as Desai said, now is the time.
How consumers pay online with stored credentials
Convenience drives some consumers to store their payment credentials with merchants, while security concerns give other customers pause. For “How We Pay Digitally: Stored Credentials Edition,” a collaboration with Amazon Web Services, PYMNTS surveyed 2,102 US consumers to analyze the consumer dilemma and reveal how merchants can overcome holdouts.
#Mobile #devices #moving #passwordless #future