
Passwordless Authentication: The New Shift in Cybersecurity Bound to Revolutionize Fintech

Cybersecurity is a great concern for every organization that has even the smallest digital presence today, and even more so for the financial services sector, because of the sensitivity of the information that companies in the sector deal with. Moreover, 19% of cyber attacks target FinTech.


As such, financial services companies need to take extra steps to protect their customers and their business. For years, severely weak passwords like 123456 or otherwise easily guessable passwords have left accounts at high risk.

People have been poor stewards of passwords.

People as a whole have been lax about their passwords, so organizations, including and especially FinTechs, need to step up by ditching passwords for passwordless authentication solutions.

Cybersecurity scalability

Presently, one key factor in developing an effective cybersecurity strategy is scalability.

Scalability matters because, as the WEF Fintech Cybersecurity Consortium establishes, cybersecurity solutions should have cross-border applications “so that a FinTech can use recognized cybersecurity best practices to facilitate entry to new markets and grow securely as it expands.”

Passwordless Authentication

Weak passwords caused 30% of ransomware attacks in 2019. For FinTechs, different modern options rival passwords and offer better protection. Moreover, they are scalable in a way that passwords aren’t, making them effective protection solutions.

Providing financial services is a risky business. Financial crime and fraud have a long history and have waxed stronger since the digitization of financial services.

According to McKinsey, the lines between cyber breaches, fraud, and financial crimes are becoming increasingly blurred. FinTechs must constantly evaluate their cybersecurity and authentication profiles for continued protection.


Passwordless authentication is a product of the FIDO2 project, an open authentication standard that builds on previous work on web authentication by the FIDO Alliance and is carried out in collaboration with the World Wide Web Consortium.

Therefore, the FIDO2 specifications are drawn from the W3C’s Web Authentication (WebAuthn) specification as well as the FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

 

One of the major mandates of the European Banking Authority’s revised Payment Services Directive (PSD2) that came into effect in 2018 was to make Fintechs and other payment processing companies adopt stricter and more modern security authentication requirements, including multi-factor authentication.

Foundations of Passwordless Authentication Systems

Many passwordless authentication systems use a two-factor (or multi-factor) model, where a cryptographic key pair is created, consisting of a public and a private key. The public key is stored with the service provider, but it is useless without the private key, which only the user's side can access. The two form a unique pair, and it is the private key that actually proves the user's identity against the public half of the pair.
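The key-pair model described above, as an added example that is not part of the original article: a simplified challenge-response login in Node.js showing why the stored public key alone cannot log anyone in. It is a teaching model rather than the WebAuthn wire format, and the function names, the `clientData` shape and the `.example` origins are assumptions made for this illustration.

```javascript
// Added illustration: simplified challenge-response login, NOT the WebAuthn wire format.
const nodeCrypto = require('crypto');

// Registration: the key pair is created on the user's device; only the
// public half is handed to the service provider.
function registerDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Server: issue a fresh random challenge per login attempt and remember it.
function newChallenge(server) {
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  server.pending.add(challenge);
  return challenge;
}

// Device: sign the challenge together with the origin the user is really on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server: verify with the stored public key first, then check origin and freshness.
function verifyAssertion(server, { clientData, signature }) {
  const data = Buffer.from(clientData);
  if (!nodeCrypto.verify('sha256', data, server.publicKeyPem, signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(clientData);
  if (origin !== server.origin) return 'wrong-origin';
  if (!server.pending.delete(challenge)) return 'unknown-or-replayed-challenge';
  return 'ok';
}

function demo() {
  const device = registerDevice();
  const server = { origin: 'https://bank.example', publicKeyPem: device.publicKeyPem, pending: new Set() };
  const login = signAssertion(device.privateKey, newChallenge(server), server.origin);
  const genuine = verifyAssertion(server, login);
  const replay = verifyAssertion(server, login); // same assertion captured and resent
  // A party holding only the stored public key has to sign with some other key.
  const stranger = registerDevice();
  const forged = verifyAssertion(server,
    signAssertion(stranger.privateKey, newChallenge(server), server.origin));
  // The real device, but on a look-alike site that relays the server's challenge.
  const relayed = verifyAssertion(server,
    signAssertion(device.privateKey, newChallenge(server), 'https://look-alike.example'));
  return { genuine, replay, forged, relayed };
}
console.log(demo());
```

Only the first attempt is accepted: the resent assertion, the signature made with a different key, and the assertion signed for another origin are each rejected by a separate server-side check.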

Passwordless alternatives

Even on the user side, people are now more inclined towards passwordless alternatives for authentication. In a Visa survey reported in January 2020, 53% of participants (credit cardholders) were willing to switch their financial services provider if their bank did not offer biometric authentication based on fingerprints and facial features. The top reasons given for this choice include:

  • No longer needing to remember passwords (42%)
  • Improved security over passwords (34%)
  • Not forgetting or losing an authentication method (33%)

Notice that the top given reason is related to convenience. Many people have to memorize tens of passwords at a time, and this does not provide an optimal user experience.

The future of digital security authentication in fintech

The future of digital security authentication in fintech features high-level security and fraud prevention without sacrificing convenience. Indeed, user experience is listed as one of the building blocks of a future-proof authentication framework, according to a World Economic Forum report. The others include:

  • Security – of course, the logical first choice. Authentication in the financial services sector should be mainly geared towards fraud prevention in web skimming and so on.
  • Privacy – inherence-based and possession-based authentication elements transfer authentication information storage to the user-side, to some extent freeing the service provider from culpability in the case of a breach.
  • Scalability – a passwordless authentication solution should be able to deal with exponential growth rates.

Immense benefits of passwordless authentication

Whichever perspective you view it from, user-side or server-side, passwordless authentication has immense benefits for both the users and the service providers. Passwords are gradually being phased out. Fintechs need to audit their cybersecurity strategy and implement more secure solutions designed to mitigate modern cybersecurity risks and reduce digital fraud in the financial services sector.

Conclusion

Note that passwordless authentication does not make a system resistant to any and every form of attack. As it has always been, with the introduction of new technologies, cyber attackers also refine their tactics and spot new vulnerabilities to exploit. In any case, passwordless authentication remains more secure than password-based systems.

However, there are alternative entry points for attackers beyond authentication; insider threats and backend breaches remain huge risks, and Fintechs must plug all these holes to achieve 360° security.
