Payments Security

Introduction to the Lifecycle and Methods of Online Authentication

Consumer and business customers are constantly seeking faster, more efficient ways to make payments – so some financial services that historically were offered only in a bank branch are now widely available digitally, such as via websites and mobile apps.

Individuals can now open an account, fund it and send money from the account without ever leaving their premises. In 2022, U.S. consumers used digital channels to open an estimated 13.1 million new bank accounts and in 2023, approximately nine out of 10 individuals made digital payments. While availability of these services often is seamless, work behind the scenes is necessary to ensure payment safety and security.

Lifecycle of Identity Verification and Authentication


  • Identification: An online bank account can be opened in just a few easy steps that mimic the processes used for an in-person account opening. A consumer goes online or into an app and chooses which types of accounts they want to open, then provides key information (such as name, date of birth, address, Social Security or taxpayer identification number) and required supporting documentation (such as a driver’s license or passport, which can be submitted via a picture uploaded to the financial institution).
  • Verification: After the online application is submitted, the financial institution begins “ID proofing” to check the applicant’s information. This identity verification process takes five minutes or less – and is crucial to help protect the integrity of the financial system. By law, organizations are required to verify the online applicant’s basic data elements to confirm the identity actually exists and was not generated by a synthetic (fake) identity, bot or machine masquerading as a real person.
  • Authentication: Once the identity is verified, the organization will evaluate other qualifiers, such as the identity’s uniqueness and possible linkages to other identities, to determine the application’s risk level and, therefore, whether the account request should be approved. The account becomes active upon approval and can be funded electronically using a debit card or online transfer from an existing account.

Methods of Identity Verification and Authentication

Ongoing access to an online account depends on various authentication methods, all with the same intention: confirming that the person accessing the account is the person expected to be accessing it. Perhaps the most familiar form of authentication is to enter a username and password that uniquely identify the account holder on the financial institution’s website or mobile app. Alternatively, account holders might have the ability to use their face or fingerprints to access their accounts via a computer or mobile device. This form of authentication compares the image that was originally set up on the account with the one that is presented during the desired transaction. A successful match would allow the user to access the account.

Multi-factor authentication (MFA) enhances the identity verification process by using multiple factors to improve authentication reliability. For example, MFA may use a combination of something you know (e.g., username and password), something you have (e.g., a one-time passcode sent to your mobile device), and something you are (e.g., physical biometrics, such as your fingerprint). MFA heightens payment security because multiple factors need to be validated.

Authentication methods also may be used to give permission for customers to access specific services or functions on an account. For example, when a customer attempts to send money to a friend for the first time, a personal identification number (PIN) sent via text or email provides additional authentication for that specific transaction. Once the PIN is entered into the prompt, the payment is deemed authorized and will then be sent. Upon account closure, credentials are deactivated as there is no longer a need for the customer’s access.
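The first-time-payee PIN check described above, sketched as an added example (not code from this article or any financial institution). The class name, the five-minute validity window, the three-attempt limit and the choice to bind the PIN to one payee and amount are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed validity window for a delivered PIN
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per PIN


class StepUpAuthorizer:
    """Hypothetical helper: one-time PINs bound to a single payment."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._known_payees = {}  # account id -> payees already paid
        self._pending = {}       # payment key -> challenge record

    @staticmethod
    def _key(account_id, payee_id, amount_cents):
        return f"{account_id}|{payee_id}|{amount_cents}"

    def needs_step_up(self, account_id, payee_id):
        # Only a payee the account has never paid triggers the extra PIN.
        return payee_id not in self._known_payees.get(account_id, set())

    def issue_pin(self, account_id, payee_id, amount_cents):
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits
        salt = secrets.token_bytes(16)
        self._pending[self._key(account_id, payee_id, amount_cents)] = {
            "salt": salt,  # keep a salted digest, not the PIN itself
            "digest": hashlib.sha256(salt + pin.encode()).digest(),
            "expires": self._clock() + PIN_TTL_SECONDS,
            "attempts": 0,
        }
        return pin  # handed to the text/email channel, never logged

    def authorize(self, account_id, payee_id, amount_cents, pin):
        key = self._key(account_id, payee_id, amount_cents)
        rec = self._pending.get(key)
        if rec is None:  # no PIN was issued for this exact payment
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]  # expired or locked out: start over
            return False
        rec["attempts"] += 1
        candidate = hashlib.sha256(rec["salt"] + pin.encode()).digest()
        if not hmac.compare_digest(candidate, rec["digest"]):
            return False
        del self._pending[key]  # single use: a replayed PIN fails
        self._known_payees.setdefault(account_id, set()).add(payee_id)
        return True
```

Because the pending record is keyed on account, payee and amount, a PIN intercepted for one payment does not authorize a different one.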

Although identity verification and authentication methods are essential for online and in-person transactions, criminals can take advantage of their weaknesses to execute lucrative payouts. Our growing reliance on online account opening capabilities and digital payments can make it easier for fraudsters to use stolen personal information to impersonate us in extremely convincing ways. While there is no silver bullet to stop all fraud types, we can foster a safer financial environment by continuing to advance authentication methods as new payments products and channels are introduced.

This article is part of a series on authentication and its critical role in payments. Subsequent articles will focus on related fraud and security challenges, as well as approaches to mitigate them.