South African banks are having to revisit their choices around authentication technology as new protocols become available and consumer behaviour swings towards a massive take-up of mobile transactions, according to Neil Bester, products senior vice president at Entersekt.

As a result as many as half of all online transactions in South Africa are not completed because consumers find the authentication process too cumbersome, he said. Another barrier is that some authentication systems themselves may erroneously decline legitimate transactions.

“Consumers generally demand and expect high levels of online security during transactions, but some do not want to expend much time and effort themselves to ensure this, and others want to be highly involved in authorising online purchases explicitly,” he said.

“In e-commerce, abandonment is a huge issue – consumers beginning a transaction but not completing it. Fortunately, mobile commerce offers some innovative solutions through banking apps, which are secure and able to deliver a growing number of transactional services.”

Current authentication

According to Bester there are currently two main types of authentication which provide protection for consumers who make purchases online.

Risk-based authentication (RBA), popular in the US, requires virtually no input from the user. There is a certain amount of intelligence built into the system (it knows a user’s location and transaction history, for example) so that it can determine whether the user’s behaviour is consistent with their profile and then approve transactions on that basis.

But it’s also not foolproof – a large percentage of its assessments turn down legitimate transactions.

In Europe and South Africa, however, multi-factor authentication (MFA) is the norm and requires some input from users – systems ask consumers to explicitly authorise their transactions by providing authentication.

Many local users are more comfortable with this system because not being asked to provide authentication feels “too easy”.

‘It’s against this background that we see MFA as a stronger contender for authentication going forward – there’s less scope for false declines – but the process has to be made painless as possible,” said Bester.

How banks are changing

As a growing number of transactions are conducted from mobile devices, banking apps are seen as a way of consolidating all online financial activities – including authentication, noted Bester.

“Consumers want to feel secure and banks can build this into the authentication process. With MFA authentication people feel that banks won’t do anything without asking their permission first – it’s this sort of affirmation that builds trust into a brand.”

He outlined three points that banks would have to address going forward:

Size – the sheer magnitude of e-commerce is exponentially bigger than it was in the 1990s – it is now a prominent channel for most businesses and inextricably linked to their brand and core operations;

Mobile – what used to work adequately on a website does not necessarily translate to a good experience on mobile devices. A “mobile-first” approach is needed;

Improved intelligence – organisations can use the data they have about their customers to market more relevant goods and services to them. Systems are able to extract useful information from profiles and buying patterns – they are not just payment enablers.

“Historically, banks and card issuers kept their e-commerce-enabling technology (access control servers [ACS]) as isolated systems. In the early days of the Internet this was faster, more convenient and easier to cost.”

“But because these older authentication and card systems are now isolated from banks’ more modern “live” data systems, it’s difficult to bring them in line with current consumer expectations of a smooth, easy online transaction experience. Authentication should be simple.”

He noted that as technology is increasingly built around consumer behaviour this extends to authentication.

“Getting it right dramatically reduces transaction abandonment, provides a better consumer experience and opens up a wealth of possibilities for new transactional services delivered via banking apps.”

Read: FNB targets ‘businessism’ for SMEs