Jesus Pérez Batlles, Head of Payments and Fraud, Groupalia

Jesus Pérez Batlles, Head of Payments and Fraud, Groupalia will be discussing “A new route to identifying the player: the feasibility of introducing biometrics into the gaming world” at the Cybercrime, Security & Regulatory Compliance In Gaming conference.  

Identity management as an emergent service in the payments space

During the past few years we have seen tremendous growth in the ecommerce space and, along with it, in the payments sector. The emergence of many new payment service providers has forced an evolution of business models from simply offering a robust payment gateway to integrated business intelligence tools with added service layers such as fraud prevention, risk measuring, data analysis, loyalty, etc.

Most PSPs are decreasing their rate of innovation or losing focus, and after several years of consolidation in the payment sector, new ideas are needed in order to sustain growth and continue the creation of added value services to customers that are both useful and disruptive. One such service could be integrated, re-usable customer verification. That way, for instance, regular users can avoid going through the hassle of sending documentation to increase limits, release suspended accounts/funds, remembering passwords, etc.

With the arrival of much discussed and long awaited mobile commerce and payments, we have new opportunities as well as new challenges. While the payment infrastructure behind mobile payments is well established, there are many unsolved problems around fraud, security and compliance. Existing solutions that cater to a ‘static’ online environment are not easily transferable to these new methods of interacting with customers. “Mobile” is synonymous with “fast”, “simple” and “everywhere”, but also means “fraud”. In other words, we need total convergence at payment method usage and at registration level too.

In a world of converging services and high specialization delivery channels, business facilitators such as payment services need to start thinking about how to simplify things for both merchants and users without compromising the quality and security of their services and compliance with tight regulatory regimes. Aggregation of multiple payment methods into one solution may be a way to avoid a repetition of your wallet’s “zoo of payment and loyalty cards” on your mobile device. Secure password management and user-friendly multi-factor authentication are additional success factors. What seems to be the “last mile” in a completely integrated user experience from signup to repeatedly using a service is a robust and seamless user identification method that allows for a compliant and repeatable verification of a user’s identity.

On the one hand, users want a convenient sign up and payment process for the various websites they visit and services they use. On the other hand, compliance requirements and fraud prevention measures are tightening in industries such as online gambling or retail financial services. First time users are required to go through lengthy registration processes and burdensome verification procedures. Fine if users signs up for one service, burdensome if they signs up for another, a conversion nightmare if they signs up for a third or more. Sounds like the time has come for a consolidated approach to online user verification and who would be better placed to achieve this than service providers that are naturally close to a user’s identity?

This article can only scratch the surface of a complicated subject such as online ID verification which has seen many different solutions and will probably see many more. What seems evident is that there is great potential for more efficiency and less repetition. The ingredients to achieve this are technology and trust, both of which are attributes that payment service providers or other tech based regulated businesses naturally combine already.

It is difficult to see whether biometric technology will play a big part in this. Use of biometric identifiers for web services or on mobile devices has not become mainstream even though the technology exists and is sufficiently robust. It is likely that the reasons for a slow uptake of biometric identifiers are not due to a lack of suitable technology but a lack of trust that users will have in a remote service provider whom they have not dealt with before. Again, an argument for existing regulated business to get in on the game and capitalize on existing relationships and hard earned trust. I see an “identity wallet war” similar to the one we are now seeing in the payments space, where we will have different categories, such as the “quick registrations enablers” and the “reliable and fraud free” ones.

It is also hard to predict whether to expect a fragmented market of ID service providers or whether users will rely on a few big names and established brands. People’s identity is a touchy subject, not only from a data protection and compliance perspective, but emotionally. In order to be successful, service providers must be able to cover technical aspects but also need to provide an appealing user experience and instill confidence their ID management offering.

Payment security, fraud prevention and management of user credentials go hand in hand with reliable customer verification. Conversion rates can only be sustained and improved by building solutions that address these issues in a consolidated, user-centric fashion. Innovative ideas are needed in order to keep users engaged as an active part of an identity solution rather than a passive subject of background checks and repetitive form filling.

It is also important to note that there are some hints at regulatory level where we can see another big change of paradigm. For instance, we can see how we are moving form a “simple” cash based transactional ecosystem, to a much more complex one, where not only most of the transactions will be electronic, but where we will eventually be transacting with our own unique identity. Therefore, we must all be focused to understand how this complexity, full of legal uncertainties and potential security holes, can be solved in a compliant and secure way, not only for the merchants but  for all the possible parties involved in a transaction (P2P, B2C, C2B, B2G, P2G, etc.)

Interesting times ahead, and I am sure that after many years talking about and building open ID standards, biometrics and many other identity solutions, we will see developments in this sector similar to what we have seen and continue to see in the payments space.

As a quick summary, we could say at a very high level that payments are the present, fraud is the future and identity management has the key to make both work in a secure and compliant way.