The Threat

Have you ever wondered how many financial institutions hold your KYC information? Banks, credit unions, investment firms, insurance companies, and potentially all the other FIs you may interact with need them to verify your identity. A data breach at any one of them could put your information at risk. According to the 2023 Annual Data Breach Report for the U.S. from The Identity Theft Resource Center (ITRC), 2023 was the worst year so far with a record number of 3,205 data compromises, a massive 78% increase over the 1,801 compromises recorded in 2022!

Wouldn’t it be better to have one or two super regulated and secured organizations to hold and manage your KYC information? Centralizing KYC will also mean centralizing the services related to authentication.

The Thought

Financial institutions might worry that centralizing consumer data could raise privacy issues, negatively impacting their relationship with “their” customers. However, that need not be true for a federated ecosystem where the business information critical to customer relationships remains with individual institutions, while a central system handles the authentication service. This ensures both data privacy and a seamless user experience.

Rapid digitization of commerce and its adoption is demanding reducing friction for the consumers while maintaining the security of the transactions. Furthermore, faster payments, where transactions are processed and settled in real-time or near-real-time, necessitate maintaining high security levels even for smaller businesses that may not have the wherewithal to make elaborate investments in data security to protect users from a range of security threats, including identity theft and fraudulent activity.

Widely used traditional authentication methods like passwords and PINs are increasingly exposed to breaches due to their reliance on static credentials. For example, a typical individual may need to memorize anywhere from 10 to 20 passwords or more, for online banking, email accounts, social media platforms, shopping websites, work-related accounts, and other online services that require login credentials. Rather than remembering multiple passwords, users often reuse combinations that are easy to remember (and guess), further compromising security.

A survey by LastPass released in May 2020 found that although 91% of people know that using the same password on multiple accounts is a security risk, 66% continued to use the same password. An HYPR survey conducted in 2019 showed that 78% of people had to reset a forgotten password in the past 90 days, indicating a significant reuse issue as users often reset to a previous password.

The Solution

Centralized identification and authentication solutions offer a powerful remedy to these vulnerabilities. By consolidating user credentials and authentication protocols under a centralized platform, such systems strengthen security while streamlining the user experience. Furthermore, it can facilitate Multi-Factor Authentication (MFA) using a combination of security questions, biometrics, device fingerprinting, location information, and more, which could be considerably expensive for businesses to implement.

The ID and Authentications Market

Here are some of the companies and how they are approaching building point solutions for the ecosystem:

  • Humanity Protocol, a digital ID startup that is pioneering a Proof of Humanity consensus mechanism on their blockchain to ensure the uniqueness of users’ identities within a decentralized system, has announced a valuation of $ 1 billion in May 2024.

  • Veriff, a global identity verification company with a valuation of over $1.5 billion, utilizes advanced AI/ML models to automate verification decisions.

  • Neuro-ID uses behavioral analytics with patented technology to measure how familiar users are with the personally identifiable data they are entering before they click ‘submit’. The company has raised $49.5 million in funding since inception.

  • Recognizing that OTPs sent over email/SMS are weak and tend to degrade the user experience, IDlayr offers password-less authentication using the cryptographic security of the SIM card with FIDO2 specifications from the FIDO Alliance to deliver a secure authentication solution that is easy to deploy.

  • Human ID Technology Services, a leading provider of digital identity, aims to become the first private digital identity provider serving more than 75 million people in the MENA region by 2030.

The following factors highlight why centralized identification and authentication are crucial for securing online payments:

Strengthened Security:

In addition to biometrics and MFA, Centralized systems use other advanced authentication techniques to strengthen payment security. Sensitive payment information like credit card numbers are replaced with unique identifiers or Token, and used during transactions to ensure that sensitive information is never exposed. The 3DS protocol provides another layer of security for online payment card transactions by requiring an additional form of verification, such as an OTP or biometric check.

OAuth (open-standard authorization protocol) allows users to authorize third-party applications to access their payment information without sharing their passwords. OpenID Connect, an authentication layer built on top of OAuth 2.0, helps users log in once and gain access to multiple financial services without re-authenticating. These robust authentication measures significantly reduce the likelihood of unauthorized access and fraudulent transactions.

Today, Generative AI can analyze user behavior patterns in real-time allowing Central Identification and Authentication systems to continuously monitor activity and identify anomalies. This enables ‘adaptive authentication’ or ‘risk-based authentication’ (RBA) where security protocols adjust based on risk factors like location or device type, providing a balance between security and user convenience.

Possible Use Cases:

By centralizing authentication processes, users can enjoy a seamless payment experience across various platforms and services. They do not have to remember multiple passwords for each payment transaction. Centralized authentication streamlines the payment process, allowing users to securely authenticate their identity with minimal friction, thereby enhancing user satisfaction and encouraging greater adoption of digital payments.

Confirmation of Payee (CoP) is a mechanism that verifies the recipient's identity before processing a payment, reducing the risk of payment fraud and misdirected payments. Smart addressing solutions enable the use of unique identifiers, such as email addresses, phone numbers, or social media handles, to identify and authenticate payment recipients. This is critical for real-time payments that once made, cannot be reversed. By integrating CoP and smart addressing into centralized authentication systems, organizations can ensure that payments are only made to verified and authorized recipients, enhancing security and trust in faster payments.

Enhanced Fraud Detection and Prevention:

Centralized identification systems can use advanced AI/ML models to detect suspicious activities and potential fraud attempts. Through continuous analysis of user behavior and transaction patterns, these systems can quickly flag and mitigate fraudulent transactions, safeguarding both consumers and businesses from financial losses. This is not possible to be done independently by Banks or FIs.

Regulatory Compliance:

As data privacy regulations become stricter around the world, centralized identification and authentication frameworks offer compliance benefits by ensuring adherence to regulatory requirements such as GDPR, PSD2, and PCI DSS. By centralizing user data within secure, compliant environments, businesses can mitigate the risk of non-compliance while fostering trust among consumers regarding the handling of their personal information.

Future-Proof Scalability:

As digital payment ecosystems continue to evolve, centralized authentication systems provide a scalable foundation that can accommodate technological advancements such as blockchain technology, Internet of Things (IoT) devices, or decentralized finance (DeFi) platforms. Centralized authentication frameworks offer the flexibility to adapt to emerging trends while maintaining robust security standards.

RS Software's State-of-the-Art solution for Centralized Authentication:

RS Software's innovative products and solutions are poised to play a significant role in advancing centralized identification and authentication for real-time payments. Our cutting-edge products leverage contemporary technologies such as tokenization, AI/ML, and Gen AI to enhance security, streamline authentication processes, and ensure regulatory compliance. RS Software’s Confirmation of Payee solution can seamlessly integrate with the payment infrastructure of our customers to enhance convenience during payment initiation and minimize authorized push payment (APP) fraud. Individuals and businesses can verify the recipient’s name on the account before initiating the actual money transfer. By integrating
RS Software's products and solutions, financial institutions and payment providers can strengthen their authentication mechanisms, mitigate fraud risks, and deliver seamless payment experiences to customers.

In conclusion, the need for centralized identification and authentication in payments cannot be overemphasized. In an age defined by digital interconnectedness and financial innovation, it is essential to safeguard the integrity of online transactions. By embracing centralized authentication solutions, businesses and consumers alike can embark on a journey toward a more secure, efficient, and trusted digital payment ecosystem.