Skip to content

Table of Contents

    Payment Authentication Methods: Which is the best option for banks?

    Payment authentication

    In today’s technology-driven world, the question for banks is no longer about whether they should adopt digital payment but how they make payments faster, better, and more secure. Different payment authentication methods have been developed to help financial institutions achieve these goals.

    However, with many online payment authentication tools available on the market, finding the right one for a mobile banking app can be a real hassle. Aiming to help bank leaders accelerate the decision-making process, we compiled some of the common payment authentication in banking along with their pros and cons.

    1. SMS OTP

    An SMS OTP allows users to verify their identities with a one-time password that is sent to them via text message. As soon as the code is generated, users are asked to enter it on the app within a specific period to confirm the transaction. This phone-based OTP is currently the predominant authentication method in the banking industry due to its ease of use and convenience.

    Moreover, some online banking services utilize a transaction authentication number (TAN) as a type of one-time password (OTP) to validate and authorize financial transactions with single use.

    However, its vulnerable security system poses significant cybersecurity threats to your banks. SIM interception and social engineering attacks are relatively common with this type of transaction. According to The Business Times, a Singapore bank has lost S$13.7 million to an SMS phishing scam. Having their name linked with the fraud, the bank might also suffer reputation damage and loss of potential clients.

    In addition to the security challenges, you should also assess the cost of implementing SMS authentication in banking. Although prices vary across providers, financial institutions, in general, have to endure enormous SMS fees considering the massive volume of messages being sent to clients. In fact, 1 billion VND is the amount of money that Vietnamese banks have to pay for text messaging services in 2021.

    Considering SIM card vulnerability and increased smishing incidents recently, you might want to seek alternative payment authentication methods that are more secure than the outdated SMS OTP for your banks.

    Pros Cons
    • Easy to use
    • Convenience
    • Familiarity with the public
    • Vulnerable to cyber attacks
    • Expensive costs

    2. Personal Identification Number (PIN)

    Bank PIN is yet another popular method of mobile payment authentication. On the surface, a PIN looks much like a password. However, PINs are largely shorter than passwords and usually consist of a string of between 4 and 8 numbers.

    Similar to SMS OTP, PIN-based biometric authentication banking is widely accepted because of its user-friendliness. All users have to do is enter their self-selected PIN codes to complete the transaction. Nevertheless, PINs almost always demand manual data entry, which might annoy to some users.

    Furthermore, it is uncommon for online banking users to use the same PIN numbers for all of their cards. Despite being advised to use strong and unique PINs for secured payment, the majority of clients still chose simple, repetitive and easy-to-guess PINs like ‘’1234’’ or ‘’1111’’ as per the Cambridge University study. 50% of the research participants also admitted to sharing their PINs with others freely. These undoubtedly pose serious security challenges for financial institutions in customer data protection.

    Pros Cons
    •  Straightforward transaction process
    • Handy
    • Some require manual data entry
    • Risks of data breaches due to weak PINS 

    3. Bank token

    A bank token can be a hardware security device (often called a hard token) that generates a single-use PIN to authenticate a financial transaction. Hard tokens require a user to be in physical possession of the authentication device to sign banking orders. Hence, they offer a high level of security.

    In most cases, a hard token must be physically stolen or replicated to break into a hard token secured system. This make it harder for hackers to remotely breach the system with just an internet connection.

    On the other hand, hard tokens are fairly expensive, and their administration and maintenance often take a heavy toll on IT departments. Moreover, users are required to always have the device with them to generate payment transactions, not to mention that the hard tokens are pretty easy to lose.

    Likewise, a soft token is a software-based security token that can act as a standalone authentication app or be integrated into a mobile banking application. Fairly speaking, software tokens have several advantages over hardware tokens. They can’t be lost and are much more convenient compared to the hard token.

    Additionally, the incremental cost for each additional token is negligible and can be easily distributed to users instantly, anywhere in the world. Although soft tokens are a strong security measure, they rely on software and network connections to work, making them more susceptible to remote cyberattacks

    Pros Cons
    •  Hard token - high security
    • Soft token - accessible & cost-efficient
    • Hard token - expensive & inconvenience
    • Soft token - easier to breach than hard tokens

    4. PayConfirm

    Developed by Airome, PayConfirm is a mobile transaction authentication signature (mTAS) that authenticates online transactions or e-documents. Similar to e-token, it can be easily embedded into the banking mobile application or work as a customized standalone app.

    Its highly secured system makes the solution far superior to other transaction confirmation methods. Verifying online transactions based on unique smartphone characters, the solution makes it impossible to be ‘’intercepted’’ and reproduced by any third party. No static PINs and OTPs are required with PayConfirm; biometric authentication like facial recognition and fingerprint will be employed instead. This reasonably reduces the risk of SMS swap fraud, social engineering, and many others.

    Improved user experience is another benefit of PayConfirm. In contrast to other payment authentication methods, bank transactions can effortlessly proceed with just one tap on a smartphone screen. With PayConfirm, your banks can decrease the payment confirmation process by 3.5 times. Customers will never experience transaction delays or cancellations connected with PUSH notifications or SMS delivery time.

    Besides, the solution does not depend on mobile service, implying that it still operates stably even with the poor mobile network coverage. Successfully adopted by more than 60 banks worldwide, the technology has helped financial institutions reduce fraud in online banking by 75% and annual expenses up to 30%.

    PayConfirm - A More Secured, User-friendly Authentication Solution

    As a trusted partner of Airome, KMS Solutions is the only firm in Vietnam qualified to execute PayConfirm for businesses. With 12+ years of experience in providing technology consulting and world-class solutions, KMS Solutions prides itself on developing top-notch digital applications.

    Interested in finding out more about PayConfirm? Find more information and book a consultant with us via