Almost $2 trillion in payments crisscrossed the globe in 2020, ranging from mere cents for a pack of gum at a convenience store to billions of dollars in corporate acquisitions and government contracts. All these payments, no matter the size, have one thing in common: They must be authenticated to ensure that the money is coming from a legitimate source, is arriving at a legitimate recipient and is not intercepted by a bad actor along the way. Losses due to credit card fraud alone hit nearly $29 billion last year, underlining the urgency of the threat authentication is meant to counter.
Authenticating these payments is much easier said than done, however, sometimes leading to customer frictions so pronounced that they discourage payments from even being completed. Recent research found that nearly half of all consumers in the U.S. had abandoned a sign-up process due to difficulty or untrustworthiness, representing a massive potential revenue loss that could dwarf the losses caused by fraudsters. Federated identity solutions can offer the best of both worlds when it comes to security and convenience, and they are rapidly gaining steam among payments providers and other companies as a result.
The following Deep Dive explores the multitude of fraud threats facing payments, the challenges with existing verification systems and how federated identity systems can help provide a secure yet seamless payments experience for consumers.
Fraud Threats And Authentication Challenges
Fraud attempts against payments are as numerous as they are diverse, with bad actors deploying a variety of tactics. One particularly damaging technique is known as pagejacking, which consists of fraudsters rerouting traffic from popular online stores to their own checkout pages where they can intercept purchases. A related type of fraud is known as merchant identity fraud, consisting of bad actors setting up merchant accounts that are visually identical to well-known eCommerce pages to dupe customers into making purchases at their fraudulent websites. Other bad actors attempt to scam merchants rather than customers by impersonating customers’ identities and using stolen payment data to make illegitimate purchases.
These threats can potentially be countered through payments authentication, confirming that both the customers and merchants are who they say they are before transferring funds. The problem is that many payments providers and banks lack the ability to authenticate users securely and seamlessly, often sacrificing one quality for the other. A recent study found that while 72 percent of banks in the U.K. use digital authentication methods, just 36 percent capture customer identity data and verify it in the same channel. This means that customers must download a secondary app or scan documents to complete the secure authentication process, an extra step that 32 percent of customers said would drive them to abandon the process altogether.
Payments authentication must be both secure and seamless to be effective, or else profits could be lost either to fraud or to checkout abandonment. One technique growing in popularity that purports to fill the bill is federated identity.
How Federated Identity Threads The Needle Between Convenience And Security
Federated identity at its core is a means of linking all of a user’s accounts and login credentials across multiple identity management systems. The most common type of federated identity is known as single sign-on (SSO), allowing a user to enter a single username and password into a system that then gives access to all the services linked to it. It is commonly confused with password managers, but the key difference is that SSO systems rely on trust-based security tokens to manage access, whereas password managers just generate more passwords.
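The token-based trust described above, sketched as an added example that is not part of the original article: an identity provider checks the password once and issues a signed, short-lived token, and each service verifies that token without ever handling the password. All names, the user store and the key are constructed for illustration, and a shared HMAC key stands in for the asymmetric signatures that SAML and OpenID Connect deployments typically use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key known to the identity provider (IdP) and its services.
# Assumption: HMAC keeps the sketch short; it is a stand-in for real signing.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def idp_issue_token(username, password, audience, now=None, ttl=300):
    """IdP side: the only place the password is checked."""
    # Constructed user store; a real IdP stores salted password hashes.
    users = {"alice": "correct horse battery staple"}
    stored = users.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "aud": audience, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def service_verify_token(token, expected_audience, now=None):
    """Service side: never sees a password, trusts only the IdP's signature."""
    try:
        body, sig = token.split(".")
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None  # altered, or not issued by the IdP
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if claims["aud"] != expected_audience:
        return None  # token was issued for a different service
    if now >= claims["exp"]:
        return None  # token has expired
    return claims["sub"]
```

The audience and expiry checks are what keep a token captured at one service from being replayed at another or reused indefinitely.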
The convenience benefits of federated identity are apparent: Users have to remember only a single username and password, enabling easy access to multiple accounts without recycling passwords. This reduces both the likelihood of fraudsters breaching multiple accounts by cracking a single shared password and the frustration of forgetting which password works for which website. More than half of consumers rely on their own memory for passwords, which leads them to recycle the same passwords over and over again and increases their risk of account compromise in a data breach.
The lack of reliance on passwords also improves the authentication security of federated identity solutions. Of the 53 percent of individuals who use the same password for multiple accounts, 62 percent use the same passwords for up to seven accounts and 10 percent use them for more than 10 accounts. Forty-four percent use personal passwords at work, and just 38 percent of employees in leadership positions say their work passwords are unique.
Eliminating passwords as a widespread authentication system reduces the chances of fraudsters infiltrating accounts and making fraudulent purchases that could potentially cost consumers and corporations millions of dollars. Federated identity solutions like SSO could be an important first step in this cleanse.