The accelerated growth of digital financial services, especially during the COVID-19 pandemic, has challenged banks and financial technology (“fintech”) firms to provide a seamless and secure method of authenticating the identity of their customers.
Fintech and banks must ensure that only legitimate clients can transact on the platform as part of their due diligence with regulations such as Anti-Money Laundering (AML), Know-Your-Customer (KYC), and Payment Services Directive 2 (PSD2) Compliance for Strong Customer Authentication.
For years, passwords have been widely used to provide a secondary knowledge-based authentication method to keep unauthorized persons from accessing someone else’s account. This practice requires internet users to come up with several passwords or reuse them to lessen the hassle of remembering too many login credentials.
In 2020, new research from NordPass revealed that an average person has around 100 passwords, 25% more than the number recorded in the previous year. This growth is mainly attributed to more people creating online accounts because of the pandemic.
Furthermore, a recent Google survey shows that about 66% of their respondents reuse their passwords for more than one online account, and about 75% get frustrated trying to keep track of these credentials.
Even though many financial companies still rely on passwords, this outdated authentication method is a major drawback for financial institutions operating in a digitally evolving world. If banks are to go truly digital, they must adopt passwordless login to shore up their defenses while delighting their customers with seamless account access and transaction authentication.
The Security Risks and Costs of Passwords in Digital Financial Services
Passwords have been notorious for creating security risks in digital systems. Once a criminal obtains someone else’s login credentials, they can use the account to steal funds, make illegal wire transfers, or use the money to finance illicit activities like terrorism. Even one stolen password can be used to take over multiple accounts because of people’s likely reuse of credentials.
From 2017 to 2020, Verizon’s Data Breach Investigations Report has consistently recorded that about 80% of hacking-related data breaches are attributed to compromised passwords. These breaches also result in costly password resets that eat into the company’s profits.
According to Forrester Research, large enterprises can spend up to $1 million annually on workforce and infrastructure dedicated solely to password resets. A single password reset usually costs about $70.
Apart from financial losses, passwords also entail other costs such as reputation damage and customer dissatisfaction. Passwords are already a hassle with the amount of friction they add to digital processes. Resetting them adds further inconvenience for the customer as they have to, again and again, create a new complex password that they need to remember.
If banks continue to rely on passwords, they are likely to drive their clientele to other fintech firms that are already ahead of the digital curve. About 30% of consumers will leave their present financial services provider if another provider offers better mobile services, as stated in an article published by the American Banking Association.
Passwordless Login is no Longer Optional in Digital Banking
With persistent threats in the financial sector and the changing demand of modern consumers, banking companies that want to digitalize their operations fully must replace their password-reliant systems with an alternative that stops account takeover and reduces operational costs.
Digital banks and fintech firms can implement passwordless login using FIDO2 strong customer authentication. The FIDO2 standard leverages a robust combination of other authentication credentials: inherence factors (biometrics), possession factors (cryptographic keys stored on a registered device), and knowledge factors such as a stored pattern swipe. These factors are not readily susceptible to theft or to the other circumvention tactics commonly used against passwords: the private key never leaves the registered device, and the service stores only the corresponding public key, so a breach of the service yields nothing that can be replayed to log in.
They also offer better security than other multi-factor authentication options such as email authentication and SMS authentication, shared secrets, and knowledge-based authentication. When criminals hijack an email account, the other online accounts and data tied to that email address may also be compromised. Similarly, SIM swap scams often target SMS-based authentication.
FIDO2’s cryptographic login credentials harness the mobile devices people already carry for a simpler and more convenient authentication experience. Login access to an account is limited to a registered device (something you have) and requires a secondary factor such as facial or fingerprint biometrics (something you are) to unlock the cryptographic keys.
Many iOS and Android mobile devices have built-in support for facial or fingerprint recognition, allowing device authentication to complete within a few seconds and reducing friction in the entire process.
By implementing passwordless authentication, financial institutions can demonstrate regulatory compliance with far greater certainty. Additionally, digital banks and fintech firms save on password reset costs, improving their bottom line and freeing funds to invest in more worthwhile endeavors that promote company growth.
Passwords are inconvenient and do not confirm that the real customer is the one accessing the online account. Consequently, modern consumers are already looking for online financial service providers that use new technologies for passwordless login. Passwords are also costly for financial institutions to support and a major security threat, as they are often the primary target of phishing attempts that lead to fraudulent account takeovers.
Operating in the digital world is no longer about staying ahead of the competition but about keeping up with the fast-paced changes in the industry landscape. When choosing a passwordless authentication provider, digital banks and fintech firms must work with reputable vendors that have the capabilities to meet these modern challenges with confidence.
Verified by authID delivers trusted FIDO2 strong customer authentication for passwordless login and transaction authentication tied to a trusted identity. During device registration, Verified takes passwordless security to the next level by leveraging authID’s seamless biometric identity verification service: the user scans an identity document and takes a selfie, establishing a digital chain of trust between the biometrically verified individual, their accounts, and their devices. This digital chain of trust provides enhanced assurance that the true owner of the account is accessing the system, and it offers an easy self-service path when the account owner wants to add a second FIDO2 device or replace their primary one.
Schedule a Demo with authID
authID.ai is a provider of an Identity as a Service (IDaaS) platform that delivers a suite of secure, mobile, biometric identity solutions, available to any vertical, anywhere. Digital banks can rely on authID’s FIDO2 passwordless authentication solutions for robust security and seamless customer experience. Contact authID today at 1 (516) 778-5639 or click here to schedule a demo.