• Products

    Digital Trust & Safety Platform

    Fight fraud without sacrificing growth

    Learn more

    Platform solutions

    • Payment Protection
    • Account Defense
    • Dispute Management
    • Content Integrity
    • Sift Connect
    • Passwordless Authentication

    Sift innovations

    • PSD2 Solution
    • New Releases & Enhancements
  • Industries

    One solution, any industry

    Learn how Sift can work for your industry

    Learn more

    Featured Industries

    • Fintech
    • Payment Service Providers
    • Retail
  • Customers

    Case studies by industry

    See how leading brands succeed with Sift

    Learn more

    Featured Customers

    • DoorDash
    • Uphold
    • Paula’s Choice
  • Partners
  • Fraud Center
  • Resources

    Fraud-fighting resources

    Explore fraud trends and insights

    Learn more

    • Blog
    • Demos
    • Infographics
    • Ebooks & Reports
    • Videos
    • Podcasts
    • One-Pagers
    • Webinars
    • Trust & Safety University
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more

    Our mission: Help everyone trust the internet

    • About
    • Careers
    • News & Press
Talk to an expert
Products
  • Digital Trust & Safety Platform
  • Payment Protection
  • Account Defense
  • Dispute Management
  • Content Integrity
  • Sift Connect
  • Passwordless Authentication
  • PSD2 Solution
  • New Releases & Enchancements
Industries
  • Fintech
  • Retail
  • Payment Service Providers
Customers
Partners
Fraud Center
Resources
  • Blog
  • Ebooks & Reports
  • One-Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Company
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Talk to an expert Sign in
  • Blog Home
  • Digital Trust & Safety
  • Fraud
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

Verified by Visa is Abandoning Passwords. But Is It Too Little, Too Late?

By Evan Schuman  / 

29 Sep 2016

If you poll any group of 100 security professionals, you’d be hard-pressed to find a single one that would defend passwords as a viable and secure authentication tool. From that perspective, it’s not surprising that Visa officially said it will stop using static passwords for its e-commerce Verified By Visa program.

What is surprising is the world’s largest card brand’s timing. The pledge to abandon passwords for just this one program wasn’t to make them disappear by this year’s holiday shopping season. Or for next year’s holiday shopping season. No, Visa’s announced plan was to rid its Verified By Visa world of “password1234” by April 2018. Good to see that this authentication risk is being taken so seriously.

visa
Image: reynermedia

To be fair, changing an authentication technique requires a lot of companies to make system changes. And when you’re as huge as Visa—in the last quarter alone, Visa said it processed 19.8 billion transactions—these things take time. But still, April 2018?

“These types of initiatives are well-intentioned, but poorly executed,” said Sift Science CEO Jason Tan. “The biggest obstacle is themselves, their inertia.”

What will be the de facto standard?

Visa’s far-off password cutoff gives the card brand plenty of time to see which authentication method the industry gravitates towards. Personally, I’d have preferred some more leadership from Visa to point to what it will move to and argue why everyone should follow.

Visa talked about efforts it is supporting to replace static passwords, but was far from explicit as to its preferred final form.

That all said, Visa has come to grips with the e-commerce reality, which is that authentication has to avoid being invasive and interruptive as much as possible. It conceded that today’s password effort can deliver abandoned shopping, saying, “The enrollment process for Verified by Visa-specific static passwords can introduce friction and divert cardholders from the merchant’s website.” It also added that shoppers often forget passwords and that passwords “can give thieves a way to register a password on a cardholder’s behalf.”

Visa is now embracing the data-intensive approaches that are growing popular today, where sites leverage the vast oceans of data that consumers—especially those using a mobile device—bring along during every shopping trip. This, Visa said, will “also enable an improved experience for consumers by providing issuers with more data—data that can be used in the decision process so that legitimate transactions are not declined. [The new Visa approach] will also give merchants the capability to better integrate authentication into their checkout processes for a more seamless consumer shopping experience.”

Sift Science’s Tan agrees that a data-based approach is better. Many of today’s e-commerce authentication methods introduce “a lot of unnecessary friction. The grand promise of the machine-learning system is that we can put a lot of data to work,” he said.

“Don’t ask for the credentials upfront. Quietly check in the background,” Tan explained, adding that “putting the onus on the customer” is a terrible idea when analytics can make a much more accurate assessment on its own. If the software sees conflicting data points, credentials can always be sought later—but only for the few cases where it’s needed.

IoT Complexity

Visa also touched on the Internet-of-Things movement, referencing “new device types such as connected cars and refrigerators.” Such transactions will initially push the purchase/tender part of the transactions to a nearby mobile device, where it will be treated as any other mobile transaction.

Apple’s CarPlay, for example, already integrates a large number of mobile functions into a car’s dashboard. With that work done, allowing ApplePay to pay for transactions will be a lot easier, whether it’s instantly purchasing a song that just played through Pandora or Spotify, or paying for gas or a meal at a rest stop.

Eventually, though, IoT devices will sport screens just large enough to make their own transactions. Turn the thermostat up a few times and an ad may pop up for sweaters or a space heater. Nowhere will ease and speed of transaction be more essential than making a purchase from a refrigerator, thermostat or a watch.

Purchases are quickly moving from in-store to online and eventually to IoT – and all of that is being overwhelmingly fueled by speed and convenience. Why would a merchant ever want to make the customer interaction any more slow and arduous than it absolutely needs to be?

Related

authenticationInternet of Thingsverified by visa

Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld, and eWeek.

  • < prev
  • Blog Home
  • next >
  • Company
  • About Us
  • Careers
  • News & Press
  • Partner With Us
  • Blog
  • Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
  • Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
  • Social

Don’t miss a thing

Get industry trends, insights, and actionable fraud-fighting tips.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.
Do Not Sell My Personal Information

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2023 Sift Science, Inc. All rights reserved. Sift and the Sift logo are trademarks or registered trademarks of Sift Science, Inc.
Privacy & Terms

Secure your business from login to chargeback

Stop fraud, break down data silos, and lower friction with Sift.

  • Achieve up to 285% ROI
  • Increase user acceptance rates up to 99%
  • Drop time spent on manual review up to 80%
Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.