The evolution of payments is driven by customer demands – with OOB authentication, consumers feel safe

A closer look into payment authentication, biometrics and Out-of-Band and how it fits eCommerce. An interview with Martina Forster, Senior Product Manager Secure Digital Payments at Netcetera

As eCommerce continues to grow, the user experience is crucial to increasing business acceptance, growth, and profitability. One of the significant aspects of this eCommerce user experience is the payment experience, including the ease of payment, availability of options and success rate.

What’s something impactful you can do? Ask yourself today, what is that something that would benefit you, but the whole payment ecosystem too?

Serve the demands of your own customers and create loyalty. It returns in a great way.

When should you do it?

Now, today and continuously.

Making payments invisible and instant with the support of secure digital payment solutions will dramatically change the overall customer experience in eCommerce. Authentication is a critical step of any online payment process. Undoubtedly, it’s a thing that it is here to stay. But what kind of authentication would fit the demands of all players?

As of today, two major authentication methods affect and significantly contribute to enhancing the overall eCommerce user experience, Risk-Based Authentication (RBA), enabling frictionless flows, and Out-of-Band (OOB). With RBA, the consumer is authenticated silently in the background. A risk tool compares the payment with previous shopping data within milliseconds. Out-of-Band adds another layer of security, bringing maximum safety and the highest user experience. The consumer confirms the payment on its device with a single click.
Think about combining RBA and OOB; the authentication experience is compelling.

Statista reports that the main authentication factors used by companies in financial services worldwide in 2022 are still the password, the security question, the SMSs and OTP and of course biometrics.” The most important reason why companies worldwide deploy passwordless authentication methods is due to better security. Additionally, 24 percent of respondents stated that passwordless authentication provided a much better user experience.


What are the main concerns of a cardholder while making online payments?

The same Statista reports share that with the rise of the home office, it’s no surprise that passwordless authentication is gaining traction. In 2022, 82 per cent of respondents mentioned increased security as the main advantage of passwordless multi-factor authentication, while another 67 mentioned its improved user experience.

This trend can be well understood, having in mind the various challenges consumers face with traditional authentication methods like OTP via SMS, passwords or OTP via Hardware Token. You forget a password or PIN if you don’t use it daily. You can’t shop if the hardware token is at home while you are somewhere else. SMSs are sometimes not received or arrive delayed. You enter the wrong OTP if requested and delivered several times, or you might even have been a victim of SIM-swapping and fraud.

How is OOB addressing these concerns?

OOB enables consumers to strongly authenticate and confirm their purchases through their mobile devices with just one click. As the authentication happens fully out-of-band and with multiple factors (possession + biometry), it significantly boosts security while eliminating the need to remember static passwords or enter one-time passwords and security questions/answers.

Traditional authentication methods don’t protect as securely when cybercriminals seek critical consumer data. This leaves us open to thieves who want to steal our data and personal information if we don’t use 2FA (two factor authentication) security.


What are the key things a card issuer will benefit from the Netcetera 3-D Secure OOB solution? What makes Netcetera different?

They have a partner who understands them, is flexible and shows the best ways and solutions to find their path to success. We deliver highly reliable services and extensive 24/7 customer support. Our many years of practical experience with the 3-D Secure requirements, secure software engineering, PCI DSS and PCI 3DS. We provide regulatory compliance and solutions that fit the latest technology and industry standards, as is the EMVCo 2.3.1 payment protocol.

The Netcetera 3-D Secure Issuer Service offers different OOB solutions meeting the needs of our customers: SDK for integration into an existing issuer/ bank app, a white-label app or integration with a custom authentication service.
So, the OOB could be integrated with any business, be it an issuer app or a banking application. Or, for fastest time-to-market, they can choose the alternative and launch a dedicated OOB app with own branding.
However, integrated into an existing mobile application the consumers can continue using the mobile app they already know, enjoying better user experience.

"For fastest time-to-market, issuers can choose the alternative and launch a dedicated OOB app with own branding."

Here is one of our customers as an example, since references speak best - the issuer processor Areeba, who already embraced the OOB in the Middle East. They aimed to keep their customer’s competitiveness at the highest level by providing the cardholder with the highest fraud protection and convenience.

Of the many global customers and millions of cards protected with the Netcetera ACS, one-third of our customers use OOB. There is a significant potential for others to jump on it, too. And we totally support it since we believe in its benefits and how much better it will fulfill customer needs and expectations.

“OOB saves time and costs and makes your online payments smooth.“

Why should a card issuer switch to OOB?

It’s time to get modernized. Consumers expect it and feel safer. It reduces the chances of security breaches and fraud. It offers seamless two-factor authentication that is secure, convenient and reliable. It eliminates the costs of providing outdated hardware tokens or one-time passwords. Reduces SMS costs and operational efforts from multiple SMS providers in different regions.

Yes, banks need to work on awareness raising and spreading the information about a new way of authentication, but they also need to stay relevant and aligned with their customer’s needs.

The cardholders will get used to it quickly. Despite being a matter of customer behaviour, OTP usage will go out of fashion soon since its advantages are not prevailing compared to OOB. OOB is a more modern approach, much simpler and quicker. It is simply more fun for the end-customers. Whether online or on a smartphone, consumers expect an experience where services are designed around their core needs and fully personalized rather than being presented with a menu of traditional banking services.

What to expect in the near future?

We need to aim for simplification and security. In a few years, the worldwide facial recognition market will increase and be worth billions. I assume that Out-of-Band with biometry will remain relevant for at least 5 years from now because of its benefits. However, the future of payment authentication will be diverse, with a few other solutions emerging or on the horizon, such as Secure Payment Confirmation (SPC), FIDO2/WebAuthn, Self-sovereign identity (SSI), Digital Identities….

We at Netcetera watch these trends and collaborate with other industry players to evolve the ecosystem of payment security further to the benefit of consumers. In the end, the consumers of the future will show which technologies and solutions they embrace.


"Make it easy and safe for your cardholders – they’ll appreciate it by staying loyal to you."




  • Statista 2023; Details: Worldwide; 2022; 700+ VPs, directors, and C-level executives
  • Statista 2023; details: Worldwide; 2022;411 respondents; technology professionals

Want to know more? Get in touch with us!

More stories

On this topic