Total losses in online payments due to fraud are anticipated to reach $343 billion for retailers between 2023 and 2027. On top of that, 40% of all B2B sales are currently affected by late payments, while bad debt stands at 7%.
These stats paint a bleak picture, but importantly demonstrate the critical need for robust payment authentication measures to ensure merchants are protecting themselves from bad debt & fraud.
In this article, we’ll look into the intricacies of payment authentication, exploring its significance, the various methods employed, and how it can be leveraged to combat the evolving threats in the payment ecosystem.
What is payment authentication?
Payment authentication is the process of verifying the identity and legitimacy of a payment transaction. It serves as a crucial step in ensuring that the individual or entity initiating the payment is the authorised account holder or cardholder. By implementing robust authentication protocols, merchants can protect themselves and their buyers from the consequences of payment fraud, chargebacks, and other unauthorised activities.
But in a nutshell, what does payment authentication involve?
There are three fundamental objectives of payment authentication:
- Verifying the identity of the individual making the transaction
- Verifying that they are authorised to undertake the transaction
- Validating that they have sufficient credit / funds to make the purchase
Why payment authentication matters to your business
The growing prevalence of digital transactions, especially in the B2B space, has heightened the need for stringent payment authentication measures. Higher transaction values in the B2B context make it even more critical to authenticate payments effectively. Payment authentication not only safeguards financial and data security but also plays a pivotal role in building trust and confidence between merchants and their buyers.
Combat Fraud
Payment authentication plays a crucial role in the fight against payment fraud. By requiring buyers to verify their identity before the transaction reaches the authorisation stage, payment authentication can effectively filter out fraudulent activities, such as identity theft, impersonation and account takeovers.
Enable Credit Offering
In B2B payments, where merchants typically offer buyers flexible credit terms, payment authentication plays a crucial role in securing transactions and managing credit risk. This process involves verifying the identity of the purchasing entity and assessing their creditworthiness before extending credit, protecting merchants from the risk of non-payment.
Kriya handles buyer authentication & authorisation end-to-end: checking creditworthiness, assigning credit limits and onboarding buyers.
Payment authentication vs. payment authorisation
While payment authentication and authorisation are closely related, they serve distinct purposes. Payment authentication focuses on verifying the identity of the payer, ensuring that the individual or entity initiating the transaction is the legitimate account holder.
Payment authorisation, by contrast, involves confirming the availability of sufficient funds or credit to complete the transaction successfully.
Authentication factors
Payment authentication relies on one or more of the following factors to verify the identity of the payer:
Knowledge-based Authentication
Knowledge-based Authentication requires the payer to provide information that only they should know, such as personal details, passwords, or PINs.
Possession-based Authentication
Possession-based Authentication involves the buyer using a physical item or device they possess, such as a token, key, or certificate, to authenticate the transaction. A common example is the CVV number on the back of a credit card.
Inherence-based Authentication
Inherence-based authentication, also known as biometric authentication, uses the buyer's unique physical characteristics, such as fingerprints, retina scans, facial recognition, or voice recognition, to verify their identity.
Multi Factor Authentication: Enhancing Security
To maximise the security of payment transactions, many payment authentication systems employ a multifactor approach. Multifactor authentication requires the payer to successfully complete at least two of the authentication challenges, typically based on a combination of the factors mentioned above (knowledge, possession, and inherence).
Strong Customer Authentication (SCA)
The use of multi-factor authentication is required for online payments under Strong Customer Authentication (SCA) as part of the European Union's Revised Payment Services Directive (PSD2). At least two separate components from the knowledge, possession, and inherence categories are needed for SCA. By guaranteeing that the individual initiating the payment is indeed authorised, this regulatory requirement improves security and lowers fraud. While some transactions, like recurring and low-value payments, may be exempt from SCA, overall it greatly improves the security of online payment systems.
Alternative Payment Authentication Methods
Various payment authentication methods have emerged to address the evolving needs of the digital payment landscape. We’ve covered some of the most commonly used techniques below:
One-Time Passcodes
One-time passcodes, typically sent via SMS, landline or email, provide a simple and widely accepted method of payment authentication. The payer must enter the unique, time-limited code to verify their identity and complete the transaction.
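As an added illustration (not Kriya's code and not part of the original article), the Python below implements a one-time passcode that is time-limited and single-use, together with the SCA rule that passed challenges must come from at least two different categories, so a password plus a PIN does not qualify. The challenge names, the 300-second validity window, the three-attempt limit and the binding to a payment identifier are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window; the article only says "time-limited"
MAX_ATTEMPTS = 3       # assumed retry limit before the code is locked

# The article's three factor categories, keyed by hypothetical challenge names.
CATEGORY = {"password": "knowledge", "pin": "knowledge",
            "otp": "possession", "fingerprint": "inherence"}


class OtpChallenge:
    """Single-use, time-limited passcode bound to one payment."""

    def __init__(self, payment_id, now=None):
        issued = time.time() if now is None else now
        self.payment_id = payment_id
        self.expires_at = issued + OTP_TTL_SECONDS
        self.code = f"{secrets.randbelow(10**6):06d}"  # sent out of band (SMS, email)
        self.attempts = 0
        self.used = False

    def verify(self, payment_id, submitted, now=None):
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts >= MAX_ATTEMPTS:
            return False  # replayed, expired, or locked after too many guesses
        self.attempts += 1
        ok = (payment_id == self.payment_id and
              hmac.compare_digest(self.code.encode(), submitted.encode()))
        self.used = ok  # a correct code cannot be submitted twice
        return ok


def sca_satisfied(passed_challenges):
    """True only if the passed challenges span two or more distinct categories."""
    return len({CATEGORY[name] for name in passed_challenges}) >= 2


def authenticate(challenge, payment_id, pin_ok, submitted_code, now=None):
    """Combine a knowledge check (PIN result) with the OTP possession check."""
    passed = ["pin"] if pin_ok else []
    if challenge.verify(payment_id, submitted_code, now):
        passed.append("otp")
    return sca_satisfied(passed)
```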
QR Code Authentication
This method involves the payer scanning a QR code using a mobile authenticator app to authenticate the payment. While convenient, QR code authentication may be less familiar to some users, potentially adding friction to the payment process.
Biometric Authentication
Biometric authentication, such as fingerprint, facial, or voice recognition, offers a robust and user-friendly approach to payment authentication. By leveraging the payer's unique physical characteristics, biometric authentication provides a seamless and secure verification process.
Push Notifications
Push notifications sent to the payer's registered device can prompt them to confirm the authentication request, providing an additional layer of security and convenience.
Authenticate every type of B2B Buyer
Unlike selling to consumers, not all B2B buyers are the same. There are a variety of business types, from Limited Companies to Sole Traders and Government Entities, and they each need to be treated separately.
Authentication for all merchants follows the usual pattern:
- Verifying the identity of the individual making the transaction
- Verifying that they are authorised to undertake the transaction
- Validating that they have sufficient credit / funds to make the purchase and are a legitimate business
But for the different business types, there are nuances in the requirements and necessary processes. For example, with Sole Traders and Partnerships, merchants will be focused on anti-impersonation & credit checks, whereas with simple entities they'll need to ensure the person transacting is the director & has authority to transact. More complex entities (e.g. Government organisations) require even more complex authentication processes.
Merchants will need to ensure their authentication solution is able to handle the relevant entities and the different requirements. Kriya provides a single seamless flow that runs instant buyer authentication including both credit and anti-fraud checks. For further advice, get in touch with our team.
Build vs Buy
When it comes to implementing payment authentication systems, B2B businesses have two main options: building an in-house solution or leveraging a specialist provider. Each approach has its own advantages and challenges.
Building an In-House Solution
Pros:
- Customisation: An in-house solution can be tailored to the specific needs and requirements of the business, offering greater control over the authentication process.
- Integration: Seamless integration with existing systems and processes can be achieved more easily when the solution is developed internally.
- Data Ownership: Businesses retain full ownership and control over their authentication data, which can be crucial for privacy and security concerns.
Cons:
- Cost/Resource Intensive: Developing and maintaining an in-house authentication system requires significant investment in terms of time, money, and technical expertise.
- Complexity: Ensuring the system stays up-to-date with evolving security threats and regulatory requirements can be challenging.
- Scalability: Scaling an in-house solution to handle increasing transaction volumes or new authentication methods can be difficult and costly.
- Less Access to Industry Data: Limited insight into other databases (e.g. CIFAS), making it harder to seamlessly authenticate buyers & stay on top of fraud trends.
Using a Specialist Provider
Pros:
- Expertise: Specialist providers have extensive experience and expertise in payment authentication, ensuring a high level of security and reliability.
- Speed: Implementing a ready-made solution from a specialist provider can be faster than developing an in-house system.
- Cost-Effective: Leveraging a third-party solution can be more cost-effective, especially for smaller businesses or those without the necessary technical resources.
Cons:
- Customisation Limitations: Off-the-shelf solutions may not offer the same level of customisation as an in-house system.
- Dependency: Relying on a third-party provider means businesses are dependent on their technology and support services.
- Data Sharing: Using an external provider involves sharing sensitive authentication data, which can raise privacy and security concerns.
Frictionless Buyer Authentication with Kriya.
Give buyers the choice to pay on their own terms and leave the authentication, credit checking and spending limit setting to Kriya - all while providing a frictionless checkout experience.
- Instant buyer authentication & spending limits set by Kriya
- Offer buyers flexible payment terms
- Kriya pays you in full on delivery of order
- Kriya takes on the risk & handles payment collection