A systematic review of multi-factor authentication in digital payment systems: NIST standards alignment and industry implementation analysis
Phat T. Tran-Truong, Minh Q. Pham, Ha Xuan Son, Dat Tran Nguyen, Minh B. Nguyen, Khiem L. Tran, Loc C. P. Van, Kiet T. Le, Hong Khanh Vo, N. Kim, Triet M. Nguyen, Anh The Nguyen
Abstract
This survey presents a systematic evaluation of Multi-Factor Authentication (MFA) practices in digital payment systems, analyzing their alignment with NIST Special Publications 800-63 guidelines. Through a comprehensive review of 70 academic papers published between 2017–2024 and 13 industry-based authentication tools, we examine how current implementations measure against Identity Assurance Level (IAL) and Authentication Assurance Level (AAL) standards. Our analysis reveals a significant gap between theoretical capabilities proposed in academic research and actual industry implementations, with 33% of tools relying primarily on OTP-based authentication despite more advanced methods being available. The survey identifies emerging trends like biometric authentication adoption (60% of analyzed papers) and varying regulatory compliance across sectors, with payment systems demonstrating 77% alignment with standards while IoT and E-Service domains show fragmented approaches. We propose a framework for developing adaptive authentication systems that balance security requirements with user experience through context-aware risk assessment. This work provides valuable insights for researchers, practitioners, and policymakers working to enhance the security and usability of digital payment authentication systems.