Any business tries to make authentication as easy for its customers as possible while keeping it secure enough. This, combined with KYC policy, encourages the use of new solutions, like device fingerprinting technology, to avoid a complicated authorization process and at the same time prevent fraud.

What’s Authentication?

In short, authentication is confirmation of the user’s identity that allows them to perform certain actions within a protected area. When it comes to, say, e-commerce, it means:

authentication on your shop site (usually requires an email and user-generated password)

authentication on third-party services (like bank sites and apps or payment gateways)

Both are necessary for the functioning of your shop. In a perfect world, the customer simply enters their details to log in, chooses the goods to buy, clicks “Pay”, and gets the goods packed and shipped. In reality, we need at least one more authentication via a payment gateway.

Knowing, Having, Being

Though there are many variations of authentication, there are only three basic aspects that are used to confirm one’s identity:

Something the customer knows. It can be a password, a PIN code, a key phrase, or something else, including single-use links. This is where authentication starts, but this aspect has vulnerabilities, as this information can be stolen or forgotten.

Something the customer has. It can be a physical object (a smartphone, a computer, a special dongle, or whatever) or a virtual one (a phone number, an email, or wherever they can access their messages). This aspect is not perfect either, as phones can be stolen or lost, and numbers and emails can be changed as well.

Something the customer is. We’re speaking biometrics. With a device owned by the customer, the merchant, or a third party, they use their actual fingerprint, face, voice, retina, or possibly DNA in a not-so-distant future, for authentication.

SCA regulations (implemented in Europe in 2019) hold that any two of these three aspects are enough for strong customer authentication, or SCA. Despite the weaknesses each of them has, a combination of two is quite enough.

When the Pieces Don’t Fit

What’s the meaning of authentication? The user provides their details, the system checks whether they are correct and if so, the user is granted access to their account, for a single operation (like payment through the gateway) or the entire array of operations available in the dashboard.

But passwords may leak, and phones can be stolen. Can it be detected? Yes, through device fingerprinting, or DFP. It’s the rationalization of that gut feeling when something seems right but feels wrong. In short, DFP checks whether the combined details (card number, transaction time, delivery address, user location, the app or browser version, the platform type, the hardware ID, etc.) fit the transaction history. It also rates whether the deviations can be rationalized, or whether they indicate fraud. If the chance of fraud is too high, the transaction is declined automatically, and the parties get notified.
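The check described above can be sketched as a small scoring routine. This is an added example, not code from any DFP product: the field names, weights, the 3-hour window and the decline threshold are all assumptions chosen for illustration, and the history is constructed sample data.

```python
from dataclasses import dataclass

# Assumed weights and decline threshold, chosen for illustration only.
WEIGHTS = {"hardware_id": 0.35, "platform": 0.15, "country": 0.25,
           "delivery_address": 0.15, "app_version": 0.10}
DECLINE_AT = 0.6

@dataclass(frozen=True)
class Txn:
    hardware_id: str
    platform: str
    country: str
    delivery_address: str
    app_version: tuple  # e.g. (124, 0)
    hour: int           # local hour of the transaction, 0-23

def explainable(field, value, history):
    """True when a deviation has an ordinary explanation and should cost nothing."""
    if field == "app_version":
        # Upgrades are routine; a version older than any seen before is not.
        return value >= max(t.app_version for t in history)
    return False

def score(txn, history):
    """Return (risk in 0..1, names of the unexplained deviations)."""
    if not history:
        return 0.5, ["no_history"]  # nothing to compare with: neutral score
    risk, reasons = 0.0, []
    for field, weight in WEIGHTS.items():
        value = getattr(txn, field)
        if value not in {getattr(t, field) for t in history} \
                and not explainable(field, value, history):
            risk += weight
            reasons.append(field)
    # Transaction time: more than 3 hours (on a 24h clock) from every past one.
    if all(min(abs(txn.hour - t.hour), 24 - abs(txn.hour - t.hour)) > 3 for t in history):
        risk += 0.1
        reasons.append("hour")
    return min(risk, 1.0), reasons

def decide(txn, history):
    risk, reasons = score(txn, history)
    return ("decline" if risk >= DECLINE_AT else "allow"), round(risk, 2), reasons

# Constructed sample history for one account (not real data).
HISTORY = [Txn("hw-a1", "android", "DE", "addr-1", (123, 0), 19),
           Txn("hw-a1", "android", "DE", "addr-1", (124, 0), 21)]
```

The returned list of reasons is what would go into the notification sent to the parties when a transaction is declined.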

Digital Fingers Crossed

Let’s hope you don’t fall victim to digital fraud, though numbers indicate the chances of it are there. New methods arise each year, keeping user authentication a crucial part of online trading. So a business interested in making authentication both easier for customers and more secure overall needs to track new security inventions.