Financial technology or “FinTech” has disrupted traditional banking providers by making financial processes easier, faster, and more convenient for users. The adoption rate for FinTech around the world grew from 16% in 2015 to 64% in 2019, according to Ernst and Young’s 2019 Global FinTech Adoption Index. Moreover, FinTech adoption surged during the COVID-19 pandemic, when remote operations became the new norm.
With the changes in consumer demand and industry trends, FinTech has expanded its offerings, posing a greater challenge to entrenched financial organizations. Still, even with their sophistication in digital financial services, FinTech firms have a common drawback – passwords.
While some of these financial innovators are already using more modern identity proofing solutions, they still rely on outdated login credentials that are prone to security risks. Passwords are often stolen, lost, or forgotten. Instead of protecting the system, they become a criminal’s ticket into accessing someone else’s account and exploiting a company’s services.
As drivers of innovation, FinTech operators must leave behind legacy systems to keep their platforms secure while catering to their customers’ needs.
FinTech is on the Rise
The financial crisis of 2008 along with the increasing usage of mobile devices among consumers became catalysts for the rapid growth of FinTech. Broadly, FinTech is the use of digital technology to facilitate personal and commercial finance, addressing issues present in traditional banking.
With easy-to-use mobile applications, FinTech first launched with peer-to-peer money transfer services that offered an easy means of paying friends for shared dinners and taxi rides. Over the last few years, FinTech expanded into different financial service areas such as credit cards, loans, investment management, and trading. More recently, FinTech has accelerated with the development, application, and trading of cryptocurrencies.
By offering ease of access across mobile devices and applications that promote more convenient money management than traditional banks and checking accounts, FinTech has lured thousands of millennials to its applications. Nevertheless, with the monetary nature of these digital services, security remains a significant concern.
Regulatory agencies require both FinTech and incumbent financial institutions to ensure the protection and privacy of their customers. Consequently, they must deploy identity checks and other security means to prevent criminals from accessing and exploiting their services.
The Costs and Risks of Using Passwords in FinTech
Time and time again, passwords are brought to light as a source of risks and frustrations when accessing digital platforms. This outdated login credential can let fraudulent individuals into someone else’s account or lock out legitimate owners.
Web- and mobile-based discount brokerage Robinhood revealed in 2019 that some user logins were stored in plaintext because of a technology glitch. Although the issue has been resolved, it left many accounts vulnerable to attacks. Even one stolen credential holds significant value and can be used to access other online accounts of the real owner.
Lost passwords are not uncommon in Bitcoin. According to Chainalysis, a cryptocurrency data firm, about 20% of the existing 18.6 million Bitcoin is considered to be in lost or inaccessible wallets. Unlike other financial services, Bitcoin does not offer password recovery or reset.
In the case of Stefan Thomas – a German-born programmer living in San Francisco – a forgotten password became a barrier between him and his 7,002 Bitcoin, worth roughly $250 million as of mid-2021. An article published by The New York Times reported that Thomas lost the paper where he wrote the password that would unlock a small hard drive called an IronKey, which contained the private keys to his Bitcoin wallet.
The same article also highlights Brad Yasar, an entrepreneur in Los Angeles who shares the same fate as Thomas. Yasar lost his password several years ago, preventing him from tapping his Bitcoin wealth.
If FinTech wants to stay ahead of the curve, it must replace legacy identity authentication systems with more robust solutions that provide enhanced security as well as seamless user authentication experiences.
The Need for Passwordless Solutions in FinTech
With users locked out of their accounts because of passwords and bad actors lurking around weak cybersecurity, it becomes more imperative that FinTech enterprises shore up their digital security with more effective identity verification technology.
FinTech firms must deploy passwordless login that is compliant with the FIDO2 authentication standards for stronger authentication. To replace passwords, FIDO2 login utilizes the combination of inherence factors (biometrics), possession factors (cryptographic keys stored on a registered device), and even knowledge factors like stored pattern swipe.
The cryptographic keys are unique to each registered device and not stored on a server. These on-device credentials also require a secondary factor like a stored pattern swipe or biometric authentication to unlock the cryptographic keys. In addition, since many iOS and Android mobile devices have built-in support for facial or fingerprint recognition, the identity authentication procedure is done within a few seconds for a hassle-free user experience.
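The login flow described above, as an added example (not authID's code and not part of the original article): a device keeps a per-registration private key, and a server that stores only the public key checks a signed challenge the way a FIDO2 relying party does. The relying party fintech.example, the record shape and all function names are assumptions made for illustration, and registration attestation is left out.

```javascript
// Added example: FIDO2-style challenge-response with constructed names and values.
const nodeCrypto = require('node:crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

const RP_ID = 'fintech.example';            // hypothetical relying party
const ORIGIN = 'https://fintech.example';   // hypothetical login origin

// Device side: one key pair per registration; the private key never leaves this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let counter = 0;
  return {
    publicKey, // the only key material sent to the server at registration
    // userVerified models the local biometric or pattern check that unlocks the key.
    sign(challenge, origin, userVerified) {
      const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
      const flags = Buffer.from([0x01 | (userVerified ? 0x04 : 0)]); // UP and UV bits
      const ctr = Buffer.alloc(4);
      ctr.writeUInt32BE(++counter);
      const authData = Buffer.concat([sha256(RP_ID), flags, ctr]);
      const signed = Buffer.concat([authData, sha256(clientData)]);
      return { clientData, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Server side: the stored record holds a public key and the last signature counter.
function verifyAssertion(record, expectedChallenge, a) {
  const cd = JSON.parse(a.clientData.toString());
  if (cd.type !== 'webauthn.get') return 'bad type';
  if (cd.challenge !== expectedChallenge) return 'challenge mismatch'; // blocks replay
  if (cd.origin !== ORIGIN) return 'origin mismatch';                  // blocks phishing sites
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((a.authData[32] & 0x04) === 0) return 'user not verified';       // second factor required
  const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
  if (!nodeCrypto.verify('sha256', signed, record.publicKey, a.signature)) return 'bad signature';
  const ctr = a.authData.readUInt32BE(33);
  if (ctr <= record.counter) return 'counter did not advance';         // cloned or replayed credential
  record.counter = ctr;
  return 'ok';
}

// A fresh random challenge is issued for every login attempt.
const newChallenge = () => nodeCrypto.randomBytes(32).toString('base64url');
```

A breach of the server's credential table exposes only public keys, which cannot be used to produce a valid assertion.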
Critical to secure deployment of passwordless solutions, however, is the need to ensure that the person who registers a device or adds a second device is truly the account owner. By tying FIDO registration to quick biometric identity proofing, FinTech providers increase the security of their platforms, all while offering a seamless passwordless customer experience.
Legacy identity authentication systems inconvenience FinTech customers, increase opportunities for fraudsters to infiltrate the system, and can frankly tarnish the reputation of an industry built on deploying state-of-the-art technology.
By replacing outdated passwords with a modern multi-factor authentication solution like FIDO2 cryptographic login, FinTech firms can ensure their legitimate customers will not lose access to their accounts while keeping the bad guys from exploiting their services.
With authID’s suite of multi-factor authentication services, enterprises can replace outdated knowledge-based authentication in call-center or online chat support centers and increase assurance with quick, low-friction user experiences on trusted mobile devices. Verified extends the value of a proofed identity by enabling FIDO2 strong authentication for passwordless login to establish a digital chain of trust between biometrically verified individuals, their accounts, and their devices. Verified confirms consent to specific transactions, biometrically authenticates a person’s identity in real time for higher-risk transactions, and is a powerful account recovery tool when a customer needs to log in from an unregistered device or replace a lost device.
authID.ai is a leading provider of an Identity as a Service (IDaaS) platform that delivers a suite of secure, mobile, biometric identity solutions, available to any vertical, anywhere.