User authentication in payments: from security to experience

The new European payment regulation (PSD2), which is causing a stir among players in the payment ecosystem, will come into force on September 14. It introduces important changes to increase the security of transactions. Dual authentication, biometrics and user identification are fundamental concepts in the world of payments, but what exactly do they mean? What are the benefits they can provide?

The regulation establishes the obligation to require the user to have a strong customer authentication (Strong Customer Authentication), based on the use of two or more factors for identification. Such factors could be based on the knowledge (something the user knows, such as a PIN or a password), the possession (something the user knows, such as a PIN or a password), the possession (something the user knows, such as a PIN or a password), the knowledge (something the user knows, such as a PIN or a password), the knowledge (something the user knows, such as a PIN or a password), the knowledge n (something the user has, such as a card or mobile device) or the inheritance (something the user is, such as a fingerprint or iris).

This last point is where biometrics comes into play, a concept that has already been heard of, but is still new and has the necessary characteristics to evolve and become the most widely used form of authentication in the near future.

The momentum of biometrics is driven by two main reasons: security and user experience. Biomic elements are difficult to copy, since they are not a card that can be stolen or a password that can be easily found out, but elements inherent to the person that are generally non-transferable.

In terms of user experience, biometrics enables customer loyalty thanks to faster authentication, thus counteracting the negative effect that the mandatory double authentication established by PSD2 could have.

When payment is virtually invisible, customers are more likely to complete their purchases, especially in e-commerce, and even to repeat them thanks to the memory of a good experience. Therefore, biometrics is a fundamental technology, to which retailers must gradually adapt by integrating biomedical readers that meet all security requirements.

On the other hand, and beyond this general authentication, we find the KYC (Know Your Customer), which allows customer identification according to their personal and financial data. This tool offers retailers the possibility of compiling and analyzing identity documents, verifying data against third-party databases, creating a prediction of user behavior patterns and monitoring these behaviors for consistency. All this allows minimizing the risk of fraud and, therefore, increases security for both end customers and entities.

As we can see, security and user experience drive forms of identification and authentication, which are evolving at great speed, driven by legislation that seeks to protect the consumer and drive innovation. Therefore, José Luis Nevado, CEO and Founder of Sipay Plus, a payment gateway specialized in secure and invisible payment solutions, stresses the importance of “always being alert to detect future changes demanded by the market, regulation and also by customers, being prepared to face them and turn their challenges into opportunities to grow and innovate”.