Low-friction authentication: What you need to know

Vendors and merchants have the task of balancing two primary demands: providing smooth payment processes for their customers as well as strong security to protect against fraudulent transactions.

This article includes tips, suggestions, and general information. We recommend that you always do your own research and consider getting independent tax, financial, and legal advice before making any important decision.

Before any transaction is successful — whether through credit card or digital device — a customer’s identity and data must be verified. But customers also want a seamless payment experience, and if a vendor's authentication isn’t swift, they risk losing as much as 90% of their transactions.¹

Low-friction authentication is a solution that uses advanced technologies to verify payer identity while also supporting the least amount of transaction intervention for the payer.

This guide looks at how low-friction authentication works, the technologies behind it, and how it strives to balance user convenience while guarding against risky activity.

How low-friction authentication works

To understand what low-friction authentication is, it helps to identify the process as well as the technologies involved. Here are three key points concerning low-friction authentication:

1. When a consumer makes a purchase, a merchant puts out a request for their digital identity — device or card — and transaction information.
2. This engages the vendor’s low-friction verification protocol: a digital vetting process that draws on a synthesis of user information, including biometrics, behavioural analytics, device and contextual recognition, and artificial intelligence (AI) or machine learning.
3. Based on this, the customer and transaction may be deemed either low or high risk, and the transaction will either go through immediately or additional information will be requested.

There is a variety of protocols used to authenticate identity. These may include:

• Single sign-on (SSO). With this method, a customer authenticates their personal identity information a single time. That SSO can then be used across multiple platforms and applications.
• Multi-factor authentication (MFA). This security measure requires two or more pieces of personal identity before access is granted to a service or transaction. This may include biometrics (such as fingerprint or face recognition), a security question, or a one-time password.
• Zero Trust security. This is a security model where users requesting access to an online service or platform are vetted, authenticated, and consistently validated over time.

The PayPal Security Centre offers additional detailed information on its advanced security protocols and how to keep transactions safe.

Understanding low-friction authentication technologies

Low-friction authentication technologies work as a gatekeeper to service access. They use information to create unique digital user profiles that are regularly updated and analysed. Any anomalies detected in this data may trigger additional authentication requests to protect against fraud.

Some of the main data protection technologies behind low-friction authentication can include:

• Biometrics. Fingerprint data, facial recognition, voice recognition, or even iris and retina scans can be used to determine a user’s unique identity.
• Behavioural analytics. A user’s online activity is observed and monitored to create a digital behaviour profile. This can include screen interactions, mouse activity, and keystroke or device movements.
• Embedded authentication. A user is allowed to log in directly within a provider’s app or framework using existing authentication data, without being redirected to an external platform or login portal.
• Contextual awareness. This considers a user’s physical location, environment, network login, or IP address, as well as the time of day that the user is typically active.
• Device recognition. This technology uses information about a user’s device or hardware, including the specific operating system, browser type and version, and configuration data.
• Machine learning. AI and machine learning can help to further synthesise and analyse the above data points, helping to discern any anomalies and warn of potentially risky behaviour.

Benefits of low-friction authentication

There are several benefits to using low-friction authentication. These may include:

• Improved security. Low-friction authentication creates a robust layer of data and information to establish identity quickly, functioning as a unique wall of protection against fraud and risk.
• Fast access. This is a key low-friction authentication benefit because users can be granted access to services almost instantly, eliminating the need for follow-up authentication requests.
• Streamlined experience. Whether using cards, digital wallets, or apps, users can enjoy a seamless online experience with reduced interference, facilitating customer satisfaction that benefits all parties involved.
• Risk mitigation. Low-friction authentication reduces system and network vulnerability, providing an effective barrier to fraudulent operators and phishing scams.

Challenges of low-friction authentication

There are also several risks and challenges to using low-friction authentication. These may include:

• False negatives. In some instances, authentication measures may incorrectly flag a legitimate user as risky or potentially fraudulent, creating a situation of friction that may end up losing customers and future sales.
• Inevitable friction. Some authentication methods may still require users to input PINs or open apps to verify through biometrics, posing an additional layer of scrutiny that may lead some users to abandon purchases out of confusion or perceived frustration.
• System vulnerability. While this authentication technology is sophisticated, it still relies on vendors and merchants running their own internal fraud protection and risk management practices to ensure that fraudulent transactions don’t succeed.