Biometric Identification is the Future for CNP Fraud Prevention

In January of this year, Mastercard announced that by the second quarter of 2019 all customers will be able to identify themselves with biometrics. The push for such technologies has been driven by the increase in mobile technology and online shopping methods, these innovations have brought with them the increased risk of identity theft and CNP fraud. Consequently, creating a need for trustworthy and secure online payment methods.

The first instalment of 3D Secure, a secure online payment protocol, relied on pre-set passwords previously set up with the financial institution associated with the card. This password was then entered through a pop-up window at the checkout process. Once the buyers’ identity had been proven to be authentic, the checkout process would then be completed.

3D secure proved to be an effective method of identity verification, combating fraudulent transactions. Although with the rise of additional eCommerce platforms and increasingly imaginative fraudsters, there became a need for savvier identity verification models.

These days most mobile phones are equipped with biometric identification abilities, therefore the second version of 3D Secure will utilise this. Version 2 looks to implement biometric identification tools such as finger print scanning, iris scanning and facial recognition, as these can be easily integrated with the technology in mobile phones.

3D secure 2 utilises the process of risk-based authentication, where customers will only undergo the extra security steps if the level of risk involved in the transaction is identified to be below a certain threshold.  This facilitates frictionless flow, streamlining the transaction experience for an estimated 95% of customers.

Mastercard’s announcement is just the first step towards the standardisation of biometric checkout technology. All financial institutions offering Mastercard branded cards must provide the option of biometric verification to all their users. Currently biometrics is said to be the method of choice for identity verification, therefore we can say with certainty that other credit card companies will be sure to follow Mastercard’s lead.

Furthermore, payment regulations are in favour of biometrics. The EU’s new regulatory requirements under the second Payment Services Directive has placed a strong emphasis on the use of biometrics to validate card not present digital payments, where it is especially challenging to verify if the purchaser is the authorised card holder. Strong Consumer Authentication (SCA) is specifically targeted towards this.

SCA authorisation systems will utilise three different types of independent information to verify customers identities. Two of the three verification elements must be provided to authenticate the transaction. These three verification elements are:

  • Information the buyer knows: password, PIN
  • Something the buyer possesses: card, mobile phone, hardware token
  • Something the buyer is: biometrics – finger prints, facial recognition, iris scanning

SCA will come into full effect during 2019 as a mandatory step for online merchants to implement throughout the EU, thus biometric identification will evolve into a necessary part of most online purchases.

Biometric identification holds an array of benefits when used as a tool to verify individuals identity. Through Mastercard’s announcement and the SCA, we can already see its vast adoption and importance within the eCommerce payment industry.  Further, the implementation of biometrics within 3D Secure 2 will significantly lower the frequency of fraudulent transactions and speed up the transaction process. Ultimately improving the safety and reliability of card-not-present online transactions for all of society.