Payment authentication

What is payment authentication?

Payment authentication involves verifying the identity of users during payment transactions to ensure the security and legitimacy of the transaction. It is a fraud prevention measure for payments that helps financial institutions differentiate between their customers and fraudsters at the point of purchase. 3-D Secure is one example of a payment authentication measure.

How does payment authentication work?

Payment authentication tools utilize authentication factors, which can include the knowledge factor (like a password), the possession factor (like the customer’s device) or the inherence factor (like the customer’s biometrics) to verify the identity of the person transacting or logging in.

To add security and streamline digital payments, banks may include measures like 3-D Secure to protect customers from digital payment fraud, along with modern customer authentication tools like biometrics to quickly verify that the person making the payment is who they say they are, for instance by approving a payment with a fingerprint scan.

Why is a balance between payment security and user experience essential?

If financial institutions include payment security that adds a lot of friction, it can frustrate customers, leading to card abandonment and eventually customer churn. With modern authentication solutions, like EMV 3DS, FIs can provide strong security that complies with global regulations without disrupting the customer experience. As a result, customers can trust that their provider prioritizes both the security of their payment transaction and the convenience of the customer experience.

What are the most common payment authentication methods?

Within their payment authentication solution, FIs may utilize one-time password (OTP) technology to verify a customer’s identity. In this case, the customer is sent a one-time password or one-time PIN via text message. They enter that OTP to prove that they are the one making the payment. However, OTPs can easily be intercepted by hackers, especially if used as the only method of authentication.

High-risk or unusual payments could trigger step-up authentication in some banking security systems. In this case, one solution is to send a push notification to the customer’s mobile device to verify their identity and to double-check they want to action the payment.

Biometric authentication is a modern authentication method that providers can use to verify their customer’s identity during online payments. Customers can quickly scan their face or thumbprint, for instance, and if approved, continue the payment process without unnecessary disruptions.
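The methods above can be tied together in a short sketch. This is an added example, not Entersekt's code: it verifies a text-message OTP with expiry, an attempt limit and single use, then decides whether the verified methods cover enough distinct factor categories or whether step-up is needed. The names OtpChallenge, new_otp and decide, the 120-second lifetime, the three-attempt limit and the two-category rule for high-risk payments are all assumptions.

```python
import hmac
import secrets
import time

# Factor category of each method named on this page.
CATEGORY = {
    "password": "knowledge",
    "sms_otp": "possession",
    "push_approval": "possession",
    "fingerprint": "inherence",
}

class OtpChallenge:
    """One text-message OTP: short-lived, attempt-limited and single-use."""

    def __init__(self, code, issued_at, ttl=120, max_attempts=3):
        # ttl and max_attempts are assumed values, not taken from a standard.
        self._code = code
        self._expires = issued_at + ttl
        self._attempts_left = max_attempts
        self._used = False

    def verify(self, candidate, now=None):
        now = time.time() if now is None else now
        if self._used or now > self._expires or self._attempts_left <= 0:
            return False
        self._attempts_left -= 1          # every guess costs an attempt
        # Constant-time comparison, so timing does not leak matching digits.
        ok = hmac.compare_digest(candidate.encode(), self._code.encode())
        self._used = ok                   # a correct code cannot be replayed
        return ok

def new_otp(now=None):
    """Return (challenge, code); the code is what would be texted."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    return OtpChallenge(code, issued_at=now), code

def decide(verified_methods, high_risk):
    """Assumed policy: high-risk payments need two distinct categories."""
    categories = {CATEGORY[m] for m in verified_methods}
    required = 2 if high_risk else 1
    return "approve" if len(categories) >= required else "step_up"
```

Note that an OTP plus a push approval still yields step_up for a high-risk payment under this policy, because both are possession factors.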

Payment authentication regulations

In the payments industry, there are numerous regulations or standards that financial institutions need to adhere to.

These include the Second Payment Services Directive (PSD2), the second version of the electronic payment regulation in Europe, which supports security and innovation for e-commerce payments.

Strong Customer Authentication (SCA) is a regulation introduced by PSD2 that requires digital payment transactions in the United Kingdom and Europe to include multi-factor authentication.

3-D Secure 2.0 or EMV 3-D Secure is a payment security protocol maintained by EMVCo. This fraud prevention technology provides strong payment security without unnecessarily disrupting the checkout process.

Payment authentication vs authorization

Payment authentication and payment authorization may sound like the same thing, but they are different. Payment authentication is the process of verifying that the person making a purchase is who they say they are.

Payment authorization is the process of verifying the amount that will be paid, and whether the customer has enough funds to make the payment.
