Footloose and Friction-Free: Why We Need to Move Beyond Multi-Factor Authentication
Posted February 10, 2015
Sometimes the pace of consumer adoption of security technology can be mind-numbingly slow. We’ve known for over a decade that password-based authentication systems are fundamentally flawed. But it’s taken until now for multi-factor authentication (MFA) alternatives to really take off. Now ABI Research is predicting that the associated software and services market will be worth $1.6 billion by the end of the year and $13.3bn by 2020. The only problem is that the technology has moved on again now.
MFA was out-of-date before it even went mainstream. It’s time for customer-facing companies to think bigger, and better.
MFA has in fact been around for years. Just think about using your debit card at an ATM: that combines the “something you hold” – in this case the card – with the “something you know” – your PIN. It’s a model that’s worked pretty well in the bricks and mortar world and will continue long into the future, even with the prospect of biometric authentication on the horizon led by the likes of Apple Pay and its Touch ID system.
But what works in the physical world doesn’t always translate well online. Users want frictionless access to their web-based accounts and they want seamless check-out experiences from their e-commerce providers. Multi-factor and out-of-band authentication slows things down and adds an extra step or five into the whole user experience. Supporters will say that this is important to maximise fraud prevention. But when there are more user-friendly and no less secure alternatives around, it’s pretty reckless commercially to risk losing customers like this.
The cost of fraud
MFA systems are not only expensive to roll-out in their own right, they could actively chip away at top-line revenue by increasing abandonment rates. Put simply, treating the customer as “guilty until proven innocent” like this isn’t going to win any converts, and could lose you more than just a few. That’s the true cost of fraud if you implement clunky, user-unfriendly authentication technology.
At ThreatMetrix® we actually worked out that cart abandonment due to user friction is 10 times more costly than online fraud itself. To put that in perspective, we estimated last Christmas that UK retailers were at risk of losing up to £225 million as a result of poor investments in fraud prevention tools.
Footloose and friction-free
The answer lies in frictionless, highly accurate fraud prevention that is completely invisible to the user. This isn’t a long-term aspiration: the technology is here today and being used by over 3,000 ThreatMetrix customers worldwide. Our ThreatMetrix® Global Trust Intelligence Network processes 1 billion transactions each month, applying big data intelligence to behavioural, device and identity information to calculate if a transaction is fraudulent or not. It’s all about harnessing the power of shared, anonymised data to produce the most accurate results possible. All of this happens in less time than it took you to read that last sentence, and for only a fraction of a penny per transaction.
Isn’t it time we started thinking beyond multi-factor?