Payment Authentication Methods: Which is the best for banks?

Apr 21, 2022

In today’s technology-driven world, the question for banks is no longer about whether they should adopt digital payment, but rather how they make payments faster, better and more secure. Different payment authentication methods have been developed to help financial institutions achieve these goals. However, with many online payment authentication tools available on the market, finding the right one for a mobile banking app can be a real hassle. Aiming to help bank leaders accelerate the decision-making process, we compiled some of the common payment authentication methods along with their pros and cons.



1. SMS OTP

An SMS OTP allows users to verify their identities with a one-time password sent to them via text message. Once the code is generated, users must enter it in the app in question within a specific period to confirm the transaction. This phone-based OTP is currently the predominant authentication method in the banking industry due to its ease of use and convenience.

However, its weak security poses major cybersecurity threats to banks. SIM interception and social engineering attacks are relatively common with this type of transaction. One recently reported attack cost a bank in Singapore S$13.7 million across 790 victims. With its name linked to the fraud, the bank might also suffer reputational damage and lose potential clients. In addition to the security challenges, banks should also assess the cost of implementing SMS authentication. Although prices vary across providers, banks generally have to bear enormous SMS fees given the massive volume of messages sent to clients. In fact, 1 billion VND is the amount of money that Vietnamese banks had to pay for text messaging services in 2021. Considering SIM card vulnerability and the recent increase in smishing incidents, banks are advised to seek alternative payment authentication methods that are more secure than the outdated SMS OTP.


Pros:

  • Easy to use
  • Convenient
  • Familiar to the public

Cons:

  • Vulnerable to cyber attacks
  • High costs


2. Personal Identification Number (PIN)


The bank PIN is yet another popular method of mobile payment authentication. On the surface, a PIN looks much like a password. However, PINs are generally shorter than passwords and usually consist of a string of between 4 and 8 digits. Similar to SMS OTP, PIN-based authentication is widely accepted because of its user-friendliness. All users have to do is enter their self-selected PIN to complete the transaction.

Nevertheless, PINs almost always demand manual data entry, which might annoy some users. Furthermore, it is uncommon for online banking users to use the same PINs for all of their cards. Despite being advised to use strong and unique PINs for secure payment, the majority of clients still choose simple, repetitive and easy-to-guess PINs like '1234' or '1111', as per the Cambridge University study. 50% of the research participants also admitted to sharing their PINs with others freely. These habits undoubtedly pose serious security challenges for financial institutions in customer data protection.


Pros:

  • Straightforward transaction process
  • Handy

Cons:

  • Requires manual data entry
  • Risk of data breaches due to weak PINs
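
One way a banking app could reject easy-to-guess PINs such as '1234' or '1111' at enrollment. This is an added example, not code from the original article or any vendor; the function name `pin_weaknesses`, the denylist contents and the date-of-birth check are assumptions made for illustration.

```python
import re

# Constructed denylist for illustration; a production list would be far longer.
COMMON_PINS = {"0000", "1111", "1212", "1234", "2580", "4321", "123456", "654321"}

def pin_weaknesses(pin, birth_date=None):
    """Return the reasons to reject a proposed PIN ([] means acceptable).

    birth_date: optional 'YYYY-MM-DD' string for the account holder.
    """
    if not re.fullmatch(r"[0-9]{4,8}", pin):
        return ["must be 4 to 8 digits"]
    reasons = []
    if pin in COMMON_PINS:
        reasons.append("on common-PIN denylist")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    # Step between neighbouring digits, modulo 10 so that 8901 counts as a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("ascending or descending run")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:] and len(set(pin)) > 1:
        reasons.append("repeated block")
    if birth_date:
        y, m, d = birth_date.split("-")
        # Common ways a birthday is turned into a 4, 6 or 8 digit PIN.
        dates = {y, d + m, m + d, d + m + y[2:], m + d + y[2:],
                 d + m + y, m + d + y, y + m + d}
        if pin in dates:
            reasons.append("derived from date of birth")
    return reasons

if __name__ == "__main__":
    for candidate in ("1234", "1111", "8901", "3737", "7391"):
        print(candidate, pin_weaknesses(candidate) or "ok")
```
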


3. Bank token


A bank token can be a hardware security device (often called a hard token) that generates a single-use PIN to authenticate a financial transaction. Hard tokens require a user to be in physical possession of the authentication device to sign banking orders. Hence, they offer a high level of security. In most cases, a hard token must be physically stolen or replicated to break into a system secured by hard tokens. This makes it harder for hackers to breach the system remotely with just an internet connection. On the other hand, hard tokens are fairly expensive, and their administration and maintenance often take a heavy toll on IT departments. Moreover, users must always have the device with them to authorize payment transactions, and hard tokens are easy to lose.

A soft token, by contrast, is a software-based security token that can act as a standalone authentication app or be integrated into a mobile banking application. Software tokens have several advantages over hardware tokens. They can't be lost and are much more convenient than hard tokens. Additionally, the incremental cost of each additional token is negligible, and tokens can be distributed to users instantly, anywhere in the world. Although soft tokens are a strong security measure, they rely on software and network connections to work, which makes them more susceptible to remote cyberattacks.


Pros:

  • Hard token – high security
  • Soft token – accessible & cost-efficient

Cons:

  • Hard token – expensive & inconvenient
  • Soft token – easier to breach than hard tokens


4. PayConfirm


Developed by Airome, PayConfirm is a mobile transaction authentication signature (mTAS) solution that authenticates online transactions or e-documents. Similar to an e-token, it can be easily embedded into the mobile banking application or work as a customized standalone app. What makes the solution far superior to other transaction confirmation methods is its highly secure system. Because it verifies online transactions based on unique smartphone characteristics, the solution makes it impossible for the confirmation to be "intercepted" and reproduced by any third party. No static PINs or OTPs are required with PayConfirm; biometric authentication such as facial recognition and fingerprint scanning is employed instead. This reasonably reduces the risk of SIM swap fraud, social engineering and many other attacks.
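
The general idea behind signing a transaction, as opposed to entering an OTP that says nothing about the payee or amount, can be shown with a keyed code computed over the transaction details. This is an added, generic example and not PayConfirm's or Airome's protocol; the per-device HMAC key, the field names and the `Bank` class are assumptions, and real products typically use asymmetric keys held in secure hardware.

```python
import hashlib
import hmac
import json

def canonical(tx: dict) -> bytes:
    # Stable serialization so phone and bank compute the code over identical bytes.
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def device_confirm(device_key: bytes, tx: dict) -> str:
    """Runs on the customer's phone after they review and approve tx on screen."""
    return hmac.new(device_key, canonical(tx), hashlib.sha256).hexdigest()

class Bank:
    def __init__(self, device_key: bytes):
        self.device_key = device_key   # enrolled per device (assumption)
        self.confirmed = set()         # tx_ids already used, to stop replays

    def verify(self, tx: dict, code: str) -> str:
        expected = device_confirm(self.device_key, tx)
        if not hmac.compare_digest(expected, code):
            return "rejected: code does not cover these details"
        if tx["tx_id"] in self.confirmed:
            return "rejected: replay"
        self.confirmed.add(tx["tx_id"])
        return "accepted"

def demo() -> list:
    key = bytes.fromhex("00" * 32)  # constructed key for the demo only
    bank = Bank(key)
    # Constructed sample transaction.
    approved = {"tx_id": "T-1001", "payee": "ACME-UTILITIES",
                "amount": "150.00", "currency": "SGD"}
    code = device_confirm(key, approved)
    altered = dict(approved, payee="UNKNOWN-ACCOUNT", amount="9500.00")
    return [
        bank.verify(altered, code),   # same code, different payee and amount
        bank.verify(approved, code),  # the transaction the user actually saw
        bank.verify(approved, code),  # same transaction submitted twice
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A code obtained from the customer for one payment is useless for any other payee or amount, which is the property a plain SMS OTP lacks.
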


Improved user experience is another benefit of PayConfirm. In contrast to other payment authentication methods, bank transactions can proceed effortlessly with just one tap on a smartphone screen. With PayConfirm, banks can shorten the payment confirmation process by 3.5 times. Customers will never have to experience transaction delays or cancellations connected with PUSH notifications or SMS delivery time. Besides, the solution does not depend on mobile service, meaning that it still operates stably even with poor mobile network coverage. Successfully adopted by more than 60 banks worldwide, the technology has helped financial institutions reduce fraud in online banking by 75% and annual expenses by up to 30%.

PayConfirm – A More Secured, User-friendly Authentication Solution

As a trusted partner of Airome, KMS Solutions is the only firm in Vietnam qualified to execute PayConfirm for businesses. With 12+ years of experience in providing technology consulting and world-class solutions, KMS Solutions prides itself on developing top-notch digital applications.
