Strong User Authentication

To ensure the security of the payment system, we need to authenticate the identity of each person making a payment. There are numerous ways to do this, both in-person and online. Unfortunately, very few of these ways have been approved or deployed by the card networks across the payment system.

Innovation is coming by way of mobile and Internet-driven payment methods that validate a user’s identity, such as biometrics, text-message codes and back-end algorithms to identify fraud. But the “chip” cards that are used at in-store terminals do not require these or any other kinds of secondary authentication – not even PIN, which has been required outside of the U.S. for credit transactions for more than a decade and at ATMs for more than 30 years.

SPP believes that the payment system should recognize, accommodate and demand results-driven authentication that will give consumers the speed and convenience they want and the security they need. In the near term, we believe PIN should be enabled on credit cards, just like most of the rest of the world, for merchants who want to utilize PIN. That technology is readily available through the EMV machines in which store owners have already invested billions of dollars.

But the drive for strong authentication must not end there. Authentication technologies can and should innovate and develop with the cooperation of businesses throughout the payments system to develop new and better ways to make sure that card users are who they say they are. Technology advancement should happen for in-store, online and mobile transactions. And merchants accepting cards should be allowed to use authentication technologies that work in other arenas. That will allow them to tailor solutions to their own risks without one sector imposing restrictions that limit fraud prevention.