By Asha Barbaschow ZDnet
Visa believes the payment industry can move away from passwords in the next five years thanks to advancements in authentication and anti-fraud technologies that are already making "static" cardholder verification (CVM) methods such as signature and PINs optional.
With the ability of financial institutions and merchants to share 10 times more data with each other than ever before, and the growing sophistication of artificial intelligence (AI) that is making fraud detection faster and more accurate, Visa head of product Axel Boye-Moller believes that as this ecosystem evolves to be more secure, and AI and biometrics capabilities further mature, there is a future where legacy verification methods are eventually eliminated.
"Over the last few years as mobile technology has evolved, we're seeing increasingly biometrics included in mobile hardware -- that's really starting to take off as more and more banks and other providers start rolling out mobile payment solutions," Boye-Moller told ZDNet.
"But there's still a lot of ground to cover. Passwords can be incredibly frustrating. You forget them and they can be stolen."
Additionally, Boye-Moller said as more payments are conducted via a mobile device, it becomes "very fiddly" to enter a password on smaller devices.
Increasingly, he added, there has been an explosion in the amount of connected devices that are accompanied by more online accounts and subscription-based payment requirements.
"We think biometrics is absolutely a critical part of that solution -- both convenient and secure," he said.
"The way they rolled out [mobile payments] standards is that every single transaction that is done or adopted is biometrically authenticated with a fingerprint or facial recognition."
While he said biometrics is part of the solution of moving to a password-free world, he believes it requires many other layers on top of that to drive more secure and convenient solutions.
"We believe that if we continue to collaborate strongly across industry we can we can reduce the current fraud rates by half by 2025," Boye-Moller added.
According to Boye-Moller, when that combination is done right, security doesn't come at the cost of convenience.
"With every new technology you're addressing new risks ... it's moving pretty quickly. Biometrics is a part of the solution and we think it's a really, really important part of the solution due to both security and convenience," he said.
"But there are additional layers around it, so you start layering in things like transaction notifications so you get alerts as a consumer when your payment card is being used, things like card controls, setting parameters around, and perhaps even in what geographies your card can be used ... those will help ensure that they continue to be able to shop securely and conveniently."
Over the past four to five years, Boye-Moller said Visa had reduced fraud by two-thirds. He said global fraud events today are at historic lows -- less than 0.1% of Visa's business volume.
"We also use artificial intelligence through our own network to help detect and prevent fraud which we have had in place actually since 1993, but we keep evolving it," Boye-Moller said.
"And for each Visa transaction, we can analyse in real-time -- in about one millisecond -- 500 or so different risk attributes on every single transaction to help determine whether that's likely to be a fraudulent transaction or not.
"All of this forms part of that future payment experience."
Touching on the idea of a potentially cashless society, Boye-Moller doesn't think the humble plastic -- or paper -- note will be replaced any time soon.
"Cash will be with us for a long time to come, but we will continue to see a decline in cash and the continuation of new electronic and digital payment services ... [until we get to] digital payments for everyone everywhere," he said.
Visa B2B Connect utilises open source Hyperledger Fabric framework from the Linux Foundation, in partnership with IBM.
The financial services giant has launched its 2020 and beyond roadmap first in Australia, focusing initially on biometrics for payment authorisation, '3-D Secure' fraud detection, and pushing the use of tokenisation.
Getting rid of passwords is a good idea, but we need to think through the consequences of the most likely replacement, too.
Are passwords obsolete? 5 things that could replace them (TechRepublic)
Employees are still using "123456" and "qwerty" far too often. Here are five ID forms that could better protect the enterprise to consider on World Password Day.