Consumers will soon be able to forget about PINs and frustratingly long 16-digit card numbers when shopping online and in the real world, as Visa moves to make Australian banks build infrastructure and put in place policies to empower biometric authentication for transactions.
A new Visa security roadmap outlines a four-year process for Australian banks to adopt new biometric authentication standards for e-commerce transactions, designed to streamline the purchasing process and reduce fraud, while implementing new information-sharing practices and tokenisation technology – writes Christina Parlay, Biometrics statistician and researcher at Deloitte.
Visa Asia-Pacific senior vice-president Joe Cunningham told The Australian Financial Review it aimed to make the purchasing process simpler and quicker for shoppers, while also making it more secure.
“What we want to get to is this totally fluid, on-bound experience,” he said.
“You’re on a journey on the train, or at the airport, and you’re browsing and see something interesting on the web and you want to perform a transaction to buy it, or gift it … no one wants to remember the 16-digit card number and type it in … You will be able to use your fingerprint, that’s embedded in the Visa checkout experience, or the merchant’s online service.”
He said the biometric authentication process would be “fully embedded”, in the same way that Uber has removed the need for drivers and customers to conduct any transaction between them, due to both being authenticated earlier in the process.
As well as online transactions, Mr Cunningham said Visa’s standards also supported fingerprint scans being used for face-to-face transactions.
“Today and into the future people expect to be able to use their phones as an alternative to cards and so long as it’s a contactless device, they will simply be able to use their fingerprint as authentication,” he said.
“Sometimes you won’t even need a fingerprint, you will have the control, but transactions over $100 will need it as authentication.”
The Australian roadmap forms part of a global push by Visa to urge the financial services sector to embrace its version of innovation in a secure way.
Mr Cunningham said it has different versions for the US, Canada and markets in Asia, which have been tailored to the banking environments in those countries following consultation with key stakeholders.
The local set of recommendations focused predominantly on the e-commerce environment, as he said that is where Visa had identified the largest growth in transactions and fraud risks.
The roadmap urges banks to adopt new 3-D Secure authentication protocols, which replace a version that’s 15 years old, and also to utilise tokenisation, in which a card’s 16-digit number is replaced with a token in e-commerce transactions that is useless for cyber criminals to steal.
Mr Cunningham said underpinning these new procedures was a shift to sharing more data between card companies, the banks and merchants and a devaluation of data.
He said there was currently surprisingly little information sharing between merchants and banks, but that its new protocols would see 11 pieces of data that could be tracked and authenticated.
“You may be shopping at JB Hi-Fi and you’ve been a member there for 13 years. They will know a lot about you, that you’re a regular shopper, which account is used on a regular basis and that you shop online only on Fridays from the same IP address,” he said.
“They will also share information on what device you’re using and the issuer will pass information back as well. Then if something looks different, they will know to double check it’s the right person making the transaction by sending a one-time passcode to their registered mobile asking them to enter that piece of information.”