
What is Continuous Authentication?

The Five W's of Continuous Authentication


Continuous authentication is a large topic that involves many different stakeholders, each in a different way. Authentication has many uses and touch points, and it shows itself differently to each of these parties.


We define Continuous Authentication as "a system that verifies who you are, whenever you need it, without you thinking about it." Behind this idea is a large technology piece pushing authentication beyond usernames, card numbers, and passwords. Instead of using two-factor authentication, Continuous Authentication uses machine learning and massive amounts of data to notice patterns in card use in aggregate as well as behaviors unique to individuals.

From device and location information, to biometrics and behaviours, as well as trends across all users, Continuous Authentication uses on the order of 40 or 50 factors instead of merely one, two, or three. Instead of a binary (logged in, logged out) paradigm, authentication becomes a gradient, and individuals get a 'trust score' instead of merely being logged in. This 'trust score' varies with the cardholder's behaviour and patterns at any given time, and can be polled by a merchant at checkout. Overall, Continuous Authentication is a new, more robust alternative to the traditional username and password model that can make the checkout experience faster as well as much more secure.


One of the key benefits of Continuous Authentication is its continuous aspect. This, however, seems to make it difficult for many users to understand, because it is so different from typical password authentication. Because the system is always monitoring a variety of data sources, it provides a "trust score" at any given time based on the combination of all those factors. For the end user, it means they can be authenticated in the moment, whenever they need it.

From a product standpoint, it is harder to say where the data aspects of Continuous Authentication happen. The data pathways and storage components are still open questions. The data itself is likely to be stored by Mastercard, with merchants pulling a trust score and possibly other data from an API at time of purchase. However, the exact technical sequence of events will likely vary by product and implementation.
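To make the gradient idea concrete, here is an added example (not from the original page or from Mastercard) of a trust score that is recomputed from the latest signals whenever a merchant polls it at checkout. The signal names, weights, half-life, neutral value and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed constants, not from the page: how fast evidence goes stale, and the
# score a cardholder falls back to when no fresh evidence exists.
HALF_LIFE_S = 600.0
NEUTRAL = 0.5

@dataclass
class Signal:
    name: str           # constructed factor name, e.g. "device_match"
    value: float        # 0.0 = unlike the cardholder, 1.0 = very like them
    weight: float       # relative importance of this factor
    observed_at: float  # seconds since epoch

def trust_score(signals, now):
    """Weighted mean of signal values, each pulled toward NEUTRAL as it ages."""
    num = den = 0.0
    for s in signals:
        age = max(0.0, now - s.observed_at)
        freshness = 0.5 ** (age / HALF_LIFE_S)   # 1.0 when new, tends to 0
        effective = NEUTRAL + (s.value - NEUTRAL) * freshness
        num += s.weight * effective
        den += s.weight
    return NEUTRAL if den == 0 else num / den

def merchant_decision(score, amount):
    """Graded outcome instead of logged-in/logged-out (assumed thresholds)."""
    required = 0.6 if amount < 50 else 0.8       # larger purchases need more trust
    if score >= required:
        return "approve"
    if score >= required - 0.2:
        return "step_up"                         # ask for an explicit extra check
    return "decline"

# Constructed sample: three factors, all observed at t = 1000 s.
SAMPLE = [
    Signal("device_match", 1.0, 3.0, 1000.0),
    Signal("usual_location", 0.9, 2.0, 1000.0),
    Signal("typing_rhythm", 0.8, 1.0, 1000.0),
]

if __name__ == "__main__":
    for delay in (0, 600, 1800):                 # merchant polls at three moments
        score = trust_score(SAMPLE, 1000.0 + delay)
        print(delay, round(score, 3), merchant_decision(score, 120.0))
```

The same evidence yields a lower score the longer it goes unrefreshed, so a purchase that is approved immediately may need a step-up check or be declined later.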


Continuous authentication works better today in digital shopping contexts, since it leverages many digital data points that are currently used to detect fraud, and it will likely be adopted for online customers well before brick-and-mortar stores. Physical store points-of-sale will require a significant capital cost that only large corporate stores will be able to invest in at first: think Amazon Go.




Card Issuers