Certification as a key process for authentication

Specifications serve as a standard of reference for a certification process (e.g. laboratory testing, certification) that can be undertaken to guarantee these specifications have been implemented correctly.

We asked, Ludovic Verecque, General Manager at PayCert, to explain us the importance of the certification process.

“In the interest of advancing the industry and improving the payments process from a speed, security or convenience point-of-view, we’re constantly being presented with new technology. Multi-factor authentication, which requires the presentation of two or more of the three authentication factors (knowledge, possession and inherence), is one method that’s really grown in popularity for use in payments, particularly for its privacy and high-security benefits. Yet the lack of existing standardisation for technologies and products based on this type of authentication will limit their adoption at all levels of the payments eco-system.

Many industries including existing payments technologies already have certifications that guarantee a certain level of interoperability with existing IT infrastructure, consistency and compliance with technical and security regulations for any product that adheres to the standard. If there’s to be any progression for multi-factor authentication, including developing a clear market leader, it’s time that the industry involved in the eco-system caught up with creating certifiable standards for product developers to follow and implement.

Setting standards for any types of technology can be challenging. Setting the associated certification infrastructure is also challenging as it needs to be transparent, technically sound and of course repeatable – with consistent results when testing.  For the payments industry, its major challenges will be technical compatibility – particularly the ability for the certification to adapt to use across all types of cards and payments devices – and security. Cardholder information is incredibly sensitive, and with high consequences for breaches, security will always be a high priority for users.

Whilst payments methods based on multi-factor authentication promise to bring some exciting developments, the likelihood is that without a recognised standard and an efficient certification process for technology solutions, that can regulate infrastructure compatibility and build confidence, widespread adoption will be limited.

If we want to see the genuine adoption and progression of technology that uses these new authentication methods, it’s time for someone to take the lead in creating, developing and promoting a certifiable standard that can build confidence in and ensure the regulation of these emerging payments methods. It’ll certainly be interesting to see who steps up first to shape the growing sector."