Mobile devices transfer the future without a password to now

Mobile devices, biometrics, and identity tokenization help make passwordless identity authentication a reality, Rodger Desaithe CEO of Proof of Identity, told Karen Webster of PYMNTS.

The payoff is huge for consumers, Desai noted, because they won’t have to wrack their brains over remembering passwords or typing them in only to lose what’s next. Businesses that take advantage of passwordless authentication technology will not have their call centers and support staff besieged by frustrated customers having trouble logging in. And security teams will find it easier to protect against hackers. And for merchants and banks, consumer loyalty increases because they are able to customize transactions and interactions with the data that the consumer allows.

Consumer behavior is already changing. Desai explained that individuals navigating digital transformation have found it easy and attractive to apply for a credit card or deposit account with just their phone number (proveHe said, it was a key part of that innovation). You’ve no doubt received a one-time SMS (OTP) to get the green light for a transaction or to log into a site. But this is just the beginning, Desai said. Companies looking to the future are already benefiting from more advanced identity authentication technology that solves some of the security, cost, and experience weaknesses of OTPs.

“I don’t think banks or merchants can afford their over-reliance on SMS OTP for much longer,” Desai told Webster.

Among its other lines of business, Prove secures a great deal of OTPs for major banks and has even bought a company, Authentify, from Early Warning, which provides multi-factor digital authentication.

He said of OTPs, “We insure them, but they are very expensive.”

They can also be easily socialized, leaving the entities and individuals who use them vulnerable. Traditional risk-based authentication models at banks and merchants tend to be hit and miss because they use transaction history and a wealth of data to try to identify customers.

On the consumer side of the equation, Webster noted that there is continued convenience in using thumbprints/face IDs to unlock devices for transactions in an increasingly contactless world.

This confluence of factors, the use of technology to prove that a person appearing on a site is authorized to use that site, has fueled Prove’s latest effort to passively embed authentication into digital experiences via an encryption key in every mobile device.

“The key here is to get to something more deterministic, because that’s the most accurate method,” he said of validation — an improvement over “guessing” based on behavior patterns.

The proof of identity was announced last month The debut of Prove Auth, which takes advantage of something almost everyone has: the phone and more specifically, the phone’s encryption key (that’s the SIM card). The phone’s Poof-of-Phone network generates and issues consumer-level identification codes associated with these SIM cards.

He said that these encrypted identity tokens are already being used for KYC purposes or to pre-populate an application (with the user’s explicit consent). Desai predicts that this year the company will complete more than 60 million pre-fills in the US. The tokens themselves can be issued in real time as consumers get new phones or change numbers, ensuring continued data and privacy protection. The consumer can use their phone to create an account with just a few clicks and are then asked if they wish not to use the password.

The financial information filing cabinet is moving with consumers

According to Desai, merchants and financial institutions will be signing up for mobile-focused cryptographic authentication in a big way.

The day is not far off where the face releases computation and gives the (literal) nod to authorized data across a wide range of use cases. In this case, if the user’s phone alerted the consumer that, hypothetically, Carvana wanted the potential car buyer’s identity, income, and credit score (all frictionless), and that permission was granted, the best customized deal could be offered on the spot.

“It’s like a privacy-enhanced filing cabinet for your financial information,” Desai said. This filing cabinet moves with the individual through daily life with their permission, in ways that can generate “real value for everyone – for the merchant, the bank and the consumer”.

Perhaps the future without a password was long overdue. But, as Desai said, now is the time.

How consumers pay online using stored credentials
The convenience is driving some consumers to store their payment credentials with merchants, while security concerns are giving other customers pause. For “How We Pay Digital: Stored Credentials Edition,” a collaboration with Amazon Web Services, PYMNTS surveyed 2,102 US consumers to analyze the consumers’ dilemma and reveal how merchants can make money.

Leave a Comment