Mathieu Altwegg

July 2021

Mathieu is the Head of Innovation & Design for Visa in Europe, supporting the company’s efforts to ideate, design and build new commerce experiences for clients and partners.

3 - 4 Minutes

The case of the missing third: will digital identity finally replace passwords?

As every technologist knows, there are three main factors of authentication: something you know, something you have and something you are. Yet in the online world, there has been a near-universal reliance on something you know – namely your username and password – occasionally supplemented by something you have – namely your email account or your device.

Now, with Fast Identity Online (FIDO) Alliance gaining ground, the missing third factor looks set to play a much bigger role. And it promises to go a long way in resolving one of the biggest frustrations of our digital lives.

If you think about it, the effective functioning of the digital world relies largely on the process of identification and authentication. Social media platforms, subscription services, online retailers, financial service providers, mobile apps – almost every online service needs to identify its customers. So almost every entity with an online presence routinely issues its own identity credentials, usually in the form of usernames and passwords.

Fragmentation, frustration and friction

As a result:

It’s frustrating for us, as users, to manage – recent research suggests that most people have an average of 70-80 passwords to remember , and three quarters have had to reset at least one forgotten password in the past 90 days.
It’s inefficient – with thousands upon thousands of separate identity management and authentication solutions all doing the same thing, as well as managing constant password resets that can cost an estimated US$70 each time.
It’s inherently insecure – the complexity of the current situation encourages the reuse of passwords. Indeed, 61% of consumers admit to reusing passwords, with 18-to-24-year-olds being the worst offenders. And, even at the best of times, passwords present security risks. Consider, for example, that an estimated 1 million passwords are stolen by hackers every week.
It prevents the smooth, integrated delivery of services from multiple providers – because each time there’s a password glitch, there’s a risk of abandonment. Indeed, by some estimates, the average consumer abandons 16 purchases a year due to password frustration.

You could say this identity conundrum is the single biggest source of friction in our online lives. And, arguably, it all comes from an over-reliance on passwords. Added to this are the recent regulatory developments around Strong Customer Authentication (SCA), which require transactions to be protected by at least two factors of authentication. Once again, the first two factors – in the guise of passwords and mobile devices – are relied upon. And, in the absence of an elegant implementation, this can bring more friction.

So, wouldn’t it be great if we had an alternative way of authenticating people online?

The stage is set for the missing third factor

Enter the third factor of authentication – that is, something you are, or biometrics.

The great thing about biometrics is that they are always there – at your fingertips, quite literally. They are also unique, so less prone to compromise. And you don’t get that time-lag, which is a characteristic of many SCA techniques, such as waiting for an SMS or email to deliver a unique passcode.

Historically, the payment industry had been hesitant to explore the potential of biometrics – partly over the implementation costs and challenges, the innate risks of centrally-managed biometric databases and how consumers may react.

But the implementation of fingerprint readers and facial recognition technology on hundreds of millions of smartphones means that consumers routinely use biometrics without a second thought. Apple reports that nine-in-ten iPhone users activate the touch ID or face ID function, using it to unlock their device 80 times a day. Also, a sizeable proportion of people are already using these biometric capabilities to authenticate payments. By mid-2020, for example, an estimated 51% of active iPhone users had enabled Apple Pay, with transaction numbers up by 30% in the previous six months, equating to more than 19.5 billion a year. And because, the security resides on the device itself rather than being managed centrally, the risks of compromise are also effectively addressed.

FIDO – the cross-industry initiative

Now, FIDO Alliance is intent on extending the third factor to more of our digital lives. The idea is to harness the inherent biometric capabilities of today’s devices within a federated authentication solution that can be deployed wherever and whenever a consumer is asked to identify themselves online. Its backers include all the global payment schemes, as well as big tech players like Amazon, Apple, Facebook, and Google, device manufacturers like Samsung and Lenovo, and it has government support in countries such as Germany, the UK and the United States.

From a Visa perspective, the elegance of the solution enables us to take another step forward in balancing security with convenience.

Of course the implications – and the benefits – extend well beyond payments.

For consumers, the overuse of passwords is arguably the single biggest frustration of our digital lives. For issuers, offering consumers a more convenient form of providing secure payments mitigates risk, reduces costly fraud and increases customer satisfaction. And for merchants – who invest time, money and energy into getting customers to the point where they want to buy a product or service – biometrics offer a seamless way for their customers to pay securely, quickly and without frustration – reducing the risk that they might abandon a purchase.

With the potential to remove much of the related friction, and the ability to make online payments just as quick and convenient as face-to-face payments, the FIDO initiative promises to be the right solution at the right time.

Stay current with the latest payments insights from Visa Navigate Europe – subscribe today

For more information please contact Gilles Verstraeten.

All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.

Case studies, comparisons, statistics, research and recommendations are provided “AS IS” and intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. Visa Inc. neither makes any warranty or representation as to the completeness or accuracy of the information within this document, nor assumes any liability or responsibility that may result from reliance on such information. The Information contained herein is not intended as investment or legal advice, and readers are encouraged to seek the advice of a competent professional where such advice is required.

¹ According to research commissioned by NordPass, February 2020, https://www.newswire.com/news/new-research-most-people-have-70-80-passwords-21103705

² According to research commissioned by HYPR, December 2019, https://blog.hypr.com/hypr-password-study-findings

³ Cost of Account Unlocks, and Password Resets Add Up, The Hacker News, April 2021, https://thehackernews.com/2021/04/cost-of-account-unlocks-and-password.html

⁴ According to research commissioned by Digital Guardian, September 2020, https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

⁵ 2021 World Password Day: How Many Will Be Stolen This Year?, SecPlicity, May 2021, https://www.secplicity.org/2021/05/04/2021-world-password-day-how-many-will-be-stolen-this-year/

⁶ According to research commissioned by Iproov, May 2020, https://www.iproov.com/blog/16-online-purchases-abandoned-every-year-by-the-average-consumer-due-to-password-frustration

⁷ Average iPhone user unlocks device 80 times per day, Apple Insider, 2016, https://appleinsider.com/articles/16/04/19/average-iphone-user-unlocks-device-80-times-per-day-89-use-touch-id-apple-says

⁸ Apple Pay usage with merchants and banks growing at 20%, Payments Cards and Mobile, November 2021, https://www.paymentscardsandmobile.com/apple-pay-usage-with-merchants-and-banks-growing-at-20/

⁹ Fido Alliance website, https://fidoalliance.org/members/

Share Feedback

How to use Visa Navigate

Would you like to continue to open links from Visa Navigate in the default mail app or switch to Microsoft Outlook (if installed)?

The case of the missing third: will digital identity finally replace passwords?

With the potential to remove much of the related friction, and the ability to make online payments just as quick and convenient as face-to-face payments, the FIDO initiative promises to be the right solution at the right time.

Stay current with the latest payments insights from Visa Navigate Europe – subscribe today

Read Next

UK Consumer Spending Index

Welcome to Visa Navigate from Charlotte Hogg (CEO Visa Europe)

The War for the Customer Gets Personal

Subscribe to Visa Navigate