Mobile Devices Move Passwordless Future to Now

Mobile devices, biometrics and identity tokenization are helping make passwordless identity authentication a reality, Prove Identity chief executive officer Rodger Desai told PYMNTS’ Karen Webster.

The benefits to consumers are huge, Desai pointed out, as they don’t have to rack their brains to remember passwords or write them down only to lose the post-it. Businesses using passwordless authentication technology will not see their call centers and support staff besieged by frustrated customers who are having trouble logging in. Security teams will find it easier to protect themselves from hackers. And for merchants and banks, customer loyalty increases as they can personalize transactions and interactions with consumer-approved data.

Consumer behavior is indeed changing. Desai explained that applying for a credit card or deposit account using just their phone number is easy and attractive for individuals navigating the digital transformation (Prove, he said, was a key part of this innovation). No doubt you’ve received an SMS with a one-time password (OTP) to authorize a transaction or log into a website. But that’s just the beginning, Desai said. Forward-thinking organizations are already using more advanced identity authentication technologies that solve some of the security gaps, costs, and experience issues of OTPs.

“I just don’t think banks or merchants can take their over-reliance on SMS OTP much longer,” Desai told Webster.

Among its other businesses, Prove secures a significant amount of OTPs for large banks and even bought Authentify, a company that offers multi-layer, multi-factor digital authentication, from Early Warning.

“We back them up,” he said of the OTPs, “but they’re very expensive.”

OTPs are also easy targets for social engineering, leaving the companies and individuals who use them vulnerable. And the traditional risk-based authentication models at banks and merchants are usually a godsend, as they use transaction history and big data to attempt to establish customer identities.

On the consumer side of the equation, Webster found that using fingerprint/face ID to unlock devices for transactions offers continued convenience in an increasingly contactless world.

This confluence of factors, the use of technology to prove that the person appearing on a website is authorized to use that website, has underpinned Prove’s latest effort to essentially embed authentication passively into digital experiences via the cryptographic key embedded in any mobile device.

“The key here is to get to something more deterministic, because that’s the most accurate way,” he said of authentication — and it’s an improvement over “guessing” based on behavior patterns.

Prove Identity last month announced the debut of Prove Auth, which leverages something pretty much everyone has: the phone, and more specifically, the phone’s cryptographic key (that’s the SIM card). Prove’s Phone Identity Network creates and issues consumer-level identity tokens that are bound to these SIM cards.

These encrypted identity tokens, he said, are already being used for KYC purposes or to pre-fill an application (with the user’s explicit consent). Desai predicted the company would do more than 60 million pre-fills in the US this year. The tokens themselves can be issued in real-time as consumers get new phones or change numbers, ensuring ongoing data protection and privacy. A consumer can use their phone to create an account with just a few clicks and will then be prompted to decide if they want to go passwordless.

The archive of financial information moves with consumers

According to Desai, merchants and financial institutions will be onboard with cryptographic, mobile-centric authentication in a big way.

The day is not far off when your own face will open an account and give the nod (literally) that approved data can be used in a wide range of use cases. For example, if a phone alerted its user that Carvana, hypothetically, wanted to know the potential car buyer’s identity, income, and credit score (all without a hitch), and that permission was granted, the best, personalized deal could be offered to that consumer.

“It’s like a filing cabinet with enhanced privacy for your financial information,” Desai said. This filing cabinet moves through daily life with the permission of the individual, in a way that “can create real value for everyone – for the merchant, for the bank and for the consumer”.

The passwordless future may have been a long time coming. But, as Desai said, now is the time.
