Standards-based approaches are popular in authentication at the moment. Organisations such as FIDO Alliance and Mobile Connect are on a mission to change the nature of online authentication by developing specifications that define open, scalable, interoperable sets of mechanisms that reduce the reliance on passwords to authenticate users. FIDO and Mobile Connect are both pushing a standards-based approach, but this raises the question: is this the right approach for financial institutions and consumers in the long run?
To answer the question it makes sense to look at how standards-based approaches have played out in associated sectors. By exploring the rise of mobile payments, you can see that standardisation isn’t necessarily a help, and sometimes it can be a hindrance.
What can we learn from mobile payments?
Mobile payment adoption numbers in Norway, Sweden and Denmark show that more than 50% of the population across the region now use mobile payments. In particular, 82% of all card transactions in Norway are completed on a proprietary domestic debit scheme – this system is one that works nowhere else. Germany has GiroKarte, and France has Carte Bleue. Different systems work for customers in different countries.
Is this thanks to standardisation? No.
It’s because it’s a normal card payment made in a slightly different way with a smart phone, bank, card and store that supports that particular service. Fundamentally, it simply works and doesn’t require major technology or consumer behaviour changes.
Mobile payment standards like NFC are widespread across these regions. But businesses have opted for a technology that is proven to work and is widely adopted because it reduces complexity.
Simplicity and utility will win out
Simply put, users enjoy easier and quicker solutions. These app-based payment services show that simplicity and utility are the drivers in the industry – proximity isn’t a necessity and there is more required to boost the adoption of NFC than reducing queue times. As a result, NFC payment options such as Apple Pay and Samsung Pay based on standardised approaches are struggling for user adoption, even if they are proprietary solutions. Recent research from First Annapolis found that only 15% of registered Apple Pay users are using the service on a regular basis. Tapping to pay isn’t what customers want – customers want simple, easy access to their funds wherever they are.
Standardisation of a system only comes after its widespread adoption. The opposing view, that global interoperability of standardisation will work and should be widely adopted by users, is often only valued by those with vested interests – such as associations like the GSMA and FIDO or network players including Visa and SWIFT.
Standards are a red herring for authentication
Ultimately, standards don’t mean success. They are usually a red herring when it comes to evolving authentication technology for the benefit of all stakeholders – rather than a few.
More often than not standardised approaches have failed, and if standards are successful, they are usually open and publicly available as we’ve seen with OAuth.
Proprietary solutions – particularly biometrics and other device-based approaches – are where most of the progress and critically adoption can be seen. A great example of this is HSBC’s recent announcement that voice recognition technology would be used to authenticate 15million consumers – all without standardisation. Beyond vendor use there is little evidence that FIDO standards are being deployed with the consumer in mind.
Organisations, especially in financial services, now see authentication as a strategic play in the wider mix of digital transformation. In an environment where banks are being challenged on all sides, differentiation is critical. Ultimately, why use what everyone else has got?