August 26, 2022

Set customers free from PIN card readers: there’s now a better way to verify account access and authorise bank transfers

Thomas Hull
Content Specialist

PIN card readers are expensive, cumbersome, and force responsibility for authentication onto your customers. Why not keep the assurance of a physical possession factor, but lose the poor customer experience? tru.ID introduces a new solution that uses the network-issued SIM to verify possession of the mobile phone instead.

Payment fraud has tripled in the last decade. ‘Card not present’ (CNP) fraud is by far the most common method, since payment card credentials are a form of knowledge that can be stolen via phishing or man-in-the-middle (MITM) attacks.  

To comply with regulations such as PSD2 in Europe, and the UK’s SCA (Strong Customer Authentication), some banks send card readers to customers to confirm possession. 

Yet PIN card readers are far from an ideal solution – sending out individual pieces of hardware is costly, time-consuming, and complicates the user experience greatly. It also forces users to be responsible for their own security. 

All this adds up to frustrated users and a poor brand reputation. But what if there was a way to keep the high security, but lose the poor experience? 

Tighter security vs customer experience

Card readers for customer authentication have long been considered the highest-security method to verify transactions – sacrificing customer experience for the reliable security of the card chip reader. 

But these handhelds are far from easy to use: they involve a shipping delay and require the customer to perform their own setup. Maintaining their own bank security device is intimidating and frustrating for many users – it also allows too much room for human error. Meanwhile, customer service teams absorb the costs and complexity of device maintenance, including issuing replacements, tech support, and solving usability issues.

As the world adapts to becoming all-digital, users expect their payments and transactions to feel easy. Tolerance for delays and UX friction has dropped dramatically. 68% of consumers abandoned a financial app in the past year, an increase compared to 2020, and over 60% of consumers have walked away from a transaction due to a frustrating authentication process.

We spoke to analyst Simon Moffatt about the ‘authentication conundrum’ (the tension between security and ease of use) in our webinar with The Cyber Hut – watch the VOD to learn more.

Do card readers fit the bill for universal authentication? 

Any security solution to be deployed across the entire customer base must meet a rigid set of requirements:

  • Highly secure
  • Easy to deploy
  • Easy to use
  • Easy to manage
  • Cost-effective

This results in compromises. Card readers provide robust security, but they fail on all the other criteria:

  • Highly secure: Card readers use the cryptographic security of the chip in a payment card which can’t be compromised.
  • Easy to deploy: Shipping a physical card reader to each customer is a lengthy process, delaying customer access.
  • Easy to use: Customers have to physically manage and set up their own security device, which is inaccessible or intimidating for many.
  • Easy to manage: Troubleshooting technical difficulties remotely and issuing replacement card readers consumes a significant amount of IAM effort and time.
  • Cost-effective: Shipping new and replacement card readers to every customer is prohibitively expensive.

Now, there’s a new way to provide the same possession-factor security by using what customers already have on them – their mobile phone.

According to Insider Intelligence, 89% of people use mobile banking, including a whopping 97% of millennials. For many, mobile is becoming the default – sometimes the only – method for accessing their finances. Ideally, authentication should take place entirely within the mobile banking experience, with no need for extra hardware or context switching. SIM security now makes that possible.

The modern user-friendly solution: SIM-based SCA

The SIM card acts as a secure possession factor, but with a unique advantage. Every customer already has one at all times, in their mobile phone – and they’re very motivated to keep it safe.

SIM-based authentication is how mobile networks already verify their 6 billion customers every time they make calls or use data, so that they can be charged correctly.

No extra credentials are needed to ‘log in’ to a mobile network – authentication happens automatically in the background between the SIM card and the operator. SIM authentication is seamless to the user. 

Now, tru.ID verification makes the same network authentication available to banks and FinTechs, solving all of the problems caused by card readers:

  • Highly secure: SIM cards use the same secure cryptographic technology as a credit card chip. 
  • Easy to deploy: Your users already own this hardware – their smartphone. And with SIM auth available as an API in your app, access is instant, with no download required.
  • Easy to use: A simple, one-touch user experience that doesn’t require any extra input except confirming the mobile phone number.
  • Easy to manage: SIM authentication can be integrated using OIDC, and the mobile number is a standard LDAP field.
  • Cost-effective: There are no costs for devices or shipping – simply pay for the verifications you need.

Ready to bring your customer experience into the 21st century?

SIM authentication is cryptographically secure, easy to implement and effortless to use. Unlike card readers and other hardware solutions, tru.ID SIM-based authentication combines security with usability, providing an ideal, cost-efficient solution to protect all your customers without additional hardware.

To find out how to replace costly card readers with high-security, low-friction authentication experiences for your customers, simply book your free demo.