Risk-based authentication for ‘frictionless’ customer experience
Strong authentication used for risky customers or transactions
Less customer friction could reduce CNP fraud, as merchants likely retain more sales
Source: The Paypers
Point of View
ThreatMetrix, global online authentication and fraud-detection specialist, has launched a new service called Smart Authentication, which integrates risk-based and strong authentication to verify customer identity in online card transactions.
With traditional online verification services, such as Verified by Visa or MasterCard SecureCode, using strong authentication, customers must perform an extra step at check-out. Merchants are disinclined to use a verification service because it creates ‘friction’ for the customer. And friction leads to cart abandonment.
Risk-based authentication on the other hand is designed to be ‘frictionless’. ThreatMetrix performs risk-based authentication to verify a merchant’s customer based on their anonymised ‘digital persona’. ThreatMetrix pieces together customer personas using proprietary crowdsourced data.
ThreatMetrix’s merchant clients use these digital personas to identify legitimate customers without an extra authentication step. If risk-based authentication deems a persona or transaction to be risky, or if regulation requires it, merchants can invoke strong authentication.
ThreatMetrix collects its data from “people, their devices, accounts, and locations, and the businesses with which they interact” continuously through its Digital Identity Network. It verifies more than 75 million transactions each day and one of the world's largest data warehouses. Each transaction it verifies contributes to enhancing the precision of its risk-based authentication service
A major focus of the payments industry is combatting CNP fraud. In 2016, CNP fraud made up 78 per cent of total fraud on domestically issued cards. The total value of fraud on these cards nearly doubled between 2013 and 2016.
During 2016, Australian Payments Network commissioned research into CNP fraud, which highlighted areas where industry could focus. These include merchant education, risk-based authentication and new online authentication methods such as biometrics, geo-location and social media. Furthermore, Australian Payments Network recommends that acquirers should encourage merchants to implement risk-based cardholder authentication, in its Best Practice Guidelines for CNP Transactions, published earlier in 2017.
While secure authentication is available in Australia, few online merchants use these services, preferring to wear the cost of fraud rather than risk losing customers at check-out. Risk-based authentication could therefore be a more attractive alternative to merchants. Perhaps ThreatMetrix might be a provider of that service.