28 August, 2018
Criminals go wherever there is an opportunity. The ripest opportunity is online and especially via mobile devices. With more people shopping and making online or mobile payments, as noted by a Juniper Research report, the potential to steal personal and financial data has hit a new high.
The Federal Reserve Payments Study: 2017 Annual Supplement noted that fraud made a significant shift from in-person to remote around 2015 and has since increased. While the use of chip cards has helped to reduce in-person card fraud, the focus is on how to combat card-not-present (CNP) fraud, which includes telephone, mail-order, and online payments.
A 2017 U.S. Payments Forum report cited statistics that showed CNP fraud represent 40 percent of total U.S. card fraud in 2012 and 45 percent in 2014 — with ongoing increases through 2018.
The 2018 AFP® Payments Fraud and Control Survey Report noted that “larger organizations with fewer than 26 payment accounts have been more vulnerable to payment fraud attacks than were other companies. At least 80 percent of these organizations have been victims of payments fraud in each of the past three years.”
To fight the growing fraud, organizations have started investing in various types of security technology tools and platforms. Enhanced online payment security methods include tokenization, behavioral analytics, biometrics, and 3D Secure (3DS). Each of these security technologies takes a different approach to verifying identity, including tokens, human behavior patterns, fingerprints and facial recognition, and multiple security protocols.
The primary focus of all payment verification online has been centered on authentication for websites, electronic banking platforms, and mobile apps. For authentication to be successful, customers have to be willing to participate in the required actions. They’ve cooperated by creating strong passwords and install virus-protection software on all of their devices. Also, customers must agree to go through the process of regularly submitting key pieces of information to prove their identity every time they want to conduct a transaction. In their minds, this is a hassle and can take away from the overall customer experience.
Tools include knowledge-based authentication. This is where static or dynamic secret questions are used to verify a user’s identity based on previously provided answers when signing up for an account. Then, out-of-band authentication challenges require that a user access a one-time-only code that’s sent to another device and must be entered correctly to gain account access.
Despite some proven success with these security technology tools, many companies have yet to adopt these technologies because they are unsure of the investment cost or they are concerned about the complexity it may add to the customer experience. Enter the blockchain –touted as a solution for payment fraud that uses identity verification and personal data ownership.
The answer to the fraud prevention question has been to let consumers have more power over their data. This is already the norm in the European Union thanks to the General Data Protection Regulation (GDPR). Unlike other authentication methods, blockchain puts data control in the hands of individuals to dictate where it is shared for identification purposes rather than insist they share their data before a transaction can be completed.
For example, VeriToken offers an identity verification platform that leverages blockchain, providing each user with data ownership as a way to stop identity theft. Users create a cryptocurrency wallet, which allows them to associate that wallet’s blockchain address with their identity. The wallet contains a data repository for that user’s data. From there, the user can grant limited or unlimited access to specific data that represents their identity.
Driving this wallet capability are Decentralized Identifiers or DIDs. These private URLs are stored on a blockchain ledger. Each one is used for one piece of the user’s identity as a social security number, address, driver’s license, date of birth, etc. Now, the user no longer has to organize all this important information and continually re-enter it for each transaction. The user no longer has to remember answers to security questions or consult another device for a code to enter before finishing a payment.
The number of companies providing identity verification solutions around blockchain is growing. An article from Medici listed 21 revolutionary firms that illustrate the potential this technology has to improve authentication and identity verification for all types of industries and applications. Besides the type of technology leveraged, the common thread tying all these companies together is their ability to maintain privacy. With privacy, a person has increase consumer control over their own personal data, and vastly improves the speed and accuracy of the identification verification process.
Already, banks are realizing how blockchain addresses digital identity challenges related to regulatory compliance about new identity laws, greater fraud concerns, and the need to provide better customer experiences, including fast, easy payments and money transfers.
For example, IBM is working with a network of banks in Australia/New Zealand as well as Polynesian nations like Fiji to implement blockchain platforms from Stellar for secure cross-border payments. Other companies are following suit with blockchain solutions for payments, such as BitPesa for wire transfers for African business owners.
Other companies like Germany-based Bitwala are positioning themselves as the blockchain bank for the digital generation. For consumers, this is offering a way to put all financial transactions into the blockchain world with a cryptocurrency wallet. The wallet is them controlled by the consumer. They have a dashboard to control all direct debits for automatic payments like utilities and subscriptions, and a contactless debit card for in-store and online purchases and ATM transactions — all in one place.
The blockchain is helping banks and other payment companies all over the world to verify identities and owners of bank accounts to minimize fraudulent transactions. This then frees the consumer (or users) to enjoy convenient, secure transactions across all devices and alleviates unnecessary stress over these security issues.