martes, 3 de junio de 2014

Risk Management views at Authentication level. Time for the banks to move on?...

Last February I had the honour to speak at the Merchant Payments Ecosystem Conference held in Berlin, where I briefly shared my views about a key topic that is emerging again in payments and risk management, which is Authentication and Identity Management.

With the rise of mobile commerce, new initiatives are emerging to close the gap between the always complex process of authenticating and validating customer regristation or login in a CNP environment (cardholder non-present). It seems that Biometrics is finally taking off after many years of speculation about its real potential, and some vendors are taking advantage of this momentum. Some of them are simply launching optical and facial recognition KYC processes with a great UX flow that enable merchants to capture customer personal details and documents with a quick "hold and scan in front of the cam" way. However, we must differentiate between valid biometric data and old fashion OCR technology.

Seen below is an abstract of what I talked about. Like in many of my posts, the subject is far too broad and deep to go into very much detail. Otherwise, it will be far too long and boring, such as the million pages whitepapers we must read almost every week :)

To conclude, I would simply add 7 key take aways from this exciting and complicated subject:
  • KYC is not only becoming critical at customer level on a B2C environment but also at B2B, G2C and B2E. We live in big brother world and the more we think we know someone, the more data we need to be certain.
  • Payments will become mainstream and almost a commodity very soon, but identity and risk management are the new currency everyone will fight for.
  • Old school banks must adapt as soon as possible as they are losing track far too fast in the new payments and identity world we all live in.
  • A secure and simple deployment of multi-factor authentication will be the key to move on to the new level of security that most businesses demand, especially after the recent increase of data breaches like Target, eBay, etc.
  • Account take-over is also a major concern for many merchants, especially for those who are moving into a wallet type of service, where their customers hold either valuable data, money or any other sort of virtual goods or currencies that can be hacked, dumped, or traded.
  • Offline environments and the retail sector can play a great role in the authentication and acquisition game of any business. Omni-channel businesses must take advantage of their own retail division and/or partner with another offline merchant in this complex game of authenticating customers.
  • Do we trust these new vendors more than governments when it comes to storing our real biometric data? Will there be a certified and centralised secure place where all our unique biometric data is checked against the data captured by these new vendors?... Who do we trust in this big brother and fragmented world where our data is stored in many different places?

Any comments?...

No hay comentarios:

Publicar un comentario