Passwords Hindering Faster Payments in US, Fed Says

Over a decade ago, Microsoft chief Bill Gates made the shocking prediction that, “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

The Continued Use of Usernames and Passwords Deemed “Ludicrous”

This was in 2004 in a move to sell the idea of two-factor authentication (2FA) in order to minimize risk among employees who use easily compromised passwords. Nearly a decade later, Google made waves in 2013 when it introduced a similar plan to add tokenization to its login process: A USB-based cryptographic card that allowed for easier login.

The technology has continued to evolve, including phones that wouldn’t need password authentication in the presence of a smart watch, the rise of biometrics including fingerprints, iris scanners, facial recognition, and even things like vein recognition ECG recognition and facial thermography; and additional forms of tokenization that improve the shopping experience.

With more and more data generated per day, more and more payments made digitally, there is more to lose (and more for hackers to gain), highlighted in part during the one-year anniversary of the launch of the Strategies for Improving the U.S. Payment System document, a plan focused on enhancing the speed, safety, and efficiency of the U.S. payment system.

“Using passwords and usernames to secure anything is ludicrous,” said Stephen Lange Ranzini, president and CEO of University Bank & University Bancorp, and a member of the steering committee for the Federal Reserve Secure Payments Task Force.

Criteria for Implementing a Faster Payments Framework

Although the document did not specifically call for the death of passwords or recommend an alternate option, the task force did highlight six criteria for speeding up transactions, with 36 sub-categories highlighted below:

• Ubiquity: A straightforward, simple, and user-friendly way of initiating cross border payments with any other entity.
  • Accessibility
  • Usability
  • Predictability
  • Contextual Data Capability
  • Cross-Border Functionality
  • Applicability to Multiple Use Cases
• Efficiency: The capability to add other features to a payment product, and adaptable to current and future payment format standards.
  • Enables competition
  • Capability to enable value-added services
  • Implementation timeline
  • Payment format standards
  • Comprehensiveness
  • Scalability and adaptability
  • Exceptions and investigations process
• Safety and Security: A risk framework, settlement approach, end to end data protection and robust authentication.
  • Risk management
  • Payer Authorization
  • Payment Finality
  • Settlement approach
  • Handling disputed payments
  • Fraud information sharing
  • Security controls
  • Resiliency
  • End-User Data protection
  • End-User/Provider Authentication
  • Participation requirements
• Speed: The main goal of the faster payments plan, speed of payments allows for the transfer of funds more quickly, including approval, clearing, and availability
  • Fast Approval
  • Fast Clearing
  • Fast Availability of Good Funds to Payee
  • Fast Settlement among Depository Institutions and Regulated Non-bank Account Providers
  • Prompt visibility of payment status
• Legal: Developing a legal framework and rules for payments both domestically and internationally while offering consumer protection.
  • Legal Framework
  • Payment System Rules
  • Consumer protections
  • Data privacy
  • Intellectual property
• Governance and Regulatory: What governance issues might influence the effectiveness of a faster payment solution?
  • Effective governance
  • Inclusive governance

Steady Progress

In the past year, the initiative has brought together 500 industry leaders to develop plans and decide on next steps to implement the recommendations. This private-public partnership is offering new ways for the United States to catch up to other countries through collaboration.

“We have seen many of the strategies and tactics included in the plan come to life through broad, unprecedented stakeholder support,” said Esther George, president and chief executive officer of the Federal Reserve Bank of Kansas City who is leading the initiative. “When implemented, the strategies will contribute to public confidence and the global competitiveness of the U.S. payment system.”

What’s Next?

This is part of the long term goal not only to catch up with the payments systems provided in other countries, but to implement ISO 20022 for wire transfer, design a technical proof of concept for a business-to-business directory, and advanced plans to implement ubiquitous same-day ACH.

But Will This Really Make the Case for the Death of Passwords?

With so much riding on the betterment of the US payments system, many other industries could take on the recommendations and processes noted above for other purposes.

Strong authentication is crucial in ‘faster payments’ as the payer has to log in to push the payment out, rather than the merchant pulling the funds based on customer credentials, said Zil Bareisis, a senior banking analyst, in an interview with PaymentsSource. “Knowing the identity of the payer and understanding what they are entitled to is a key factor in managing the safety of such a system,” Bareisis said.

End-to-end encryption and tokenization do not in and of themselves eliminate the need for usernames and passwords, but strong enrollment and authentication could, said Julie Conroy, a research director at Aite Group. “A transition away from usernames and passwords is long overdue across the payment ecosystem, since its value as a security mechanism disappeared long ago,” she said.

Simply put, as the industry evolves to create ubiquity and security, the idea of a password could become obsolete, replaced by a litany of new technologies.

Faster Payments, Easier Processing, Easier International Payments: Just a few Benefits of Virtual Cards

Many of the initiatives and goals of faster payments have already been accomplished in the private market. Improved payments transparency and visibility, singular use, faster payment, and payer-initiated payments—just a few of the benefits of virtual cards.

Learn more about creating your own faster payments strategy, as well as the benefits of paying suppliers with virtual cards using the resources below:

• 5 Things You Didn’t Know about Virtual Payments
• Five Reasons Suppliers Love to Receive Virtual Payments
• Four Barriers to E-Payments Adoption (and How Virtual Cards Overcome)
• Promoting Virtual Cards Among Your Suppliers