Any stumbling block you can place in the path of fraudsters goes a long way toward eliminating Ecommerce chargebacks. Two-factor authentication can be a terrific obstacle when it comes to impeding hackers. Also known as 2FA, the security process requires users to provide two authentication factors to verify their identity. But is it worthwhile in Ecommerce?
What is Two-Factor Authentication?
The real strength of 2FA lies in the fact that a user must be capable of providing more than just a password or an account number to complete a transaction. This can be critical in Ecommerce, particularly if one is offering big-ticket items like furniture. If you sell furniture online, a flurry of chargebacks from fraudulent transactions could easily kill your business. Two-factor authentication makes it more difficult for perpetrators of fraud to target your business.
Authentication is typically verified by one of three factors: knowledge, possession, or biometrics. Knowledge typically refers to passwords, a personal identification number (PIN) or a shared secret such as your mother’s maiden name. Possession can be something like a key card, a security token, or even a mobile device.
Biometrics (also known as inherence factors) refers to an aspect of the user’s physical being. These can be fingerprints, a retinal scan, voice recognition, facial recognition or even the way you walk, use a keyboard or speak. Location and time may also serve as secondary factors, requiring a user to log in from a specific place within certain chronological parameters. However, to be true 2FA, each of the factors must be from different categories. Thus, if a fingerprint scan is the basic authentication method, also requiring a retinal scan would not be considered two-factor, as both reside within the category of biometrics.
Of the three factors, knowledge is the most easily compromised and, ironically, the most frequently employed. This is largely because knowledge is the most affordable of the three factors. However, with a bit of research and a lot of patience, hackers can generally compromise passwords, PINs and shared secrets.
Odds are, you’ve been using two-factor authentication already and didn’t realize it. For example, when you buy gas with a credit card at the pump, after you swipe your card in the pump’s reader, the interface screen asks if the transaction is debit or credit. If it’s debit, you’re asked for your PIN. If it’s credit, you’re asked for the ZIP code of the billing address.
Swiping the card in the reader demonstrates possession; entering the PIN or the ZIP code confirms knowledge. When everything matches, you get a tank of fuel and the cost is deducted from your account at the bank. Similarly, when you use an ATM, you have to swipe your card and enter a PIN.
Leveraging 2FA in Ecommerce is a bit trickier because the more steps you take an online customer through to complete a transaction, the more likely they are to bail. However, to implement two-factor authentication, you have to ask customers to register and establish a password before they can make a purchase. This added step could be perceived as an unnecessary hassle by shoppers.
Ultimately, you’ll have to decide whether two-factor authentication is worthwhile for your Ecommerce business, or if you should go with a different type of payment solution. Common sense says the more security-oriented steps you take, the better off you’ll be in the long run. However, you also have to ask yourself if adding another layer of security is worth the risk of losing some conversions.