As EMV is implemented in the United States, fraud involving card-not-present transactions (i.e., online, mobile, mail and telephone transactions) is expected to increase — a trend that has occurred in other countries after the adoption of EMV. According to an Aite report, 16 percent of total losses to fraud — or approximately $8.6 billion per year — are currently attributed to CNP transactions. And with the continued growth in e-commerce, estimated to increase by nearly 30 percent by 2017, CNP will undoubtedly gain the attention of cybercriminals once more secure credit/debit cards are used in physical point-of-sale transactions.
The best way to thwart this attention is to combine EMV cards with what is called 3D Secure, a method for ensuring a credit or debit card provided for a CNP transaction has, in fact, been used by the valid cardholder. 3D Secure is the generic term applied to branded offerings such as Verified by Visa, MasterCard SecureCode and American Express SafeKey.
To work, the merchant, the card issuer and the cardholder must be enrolled in the 3D Secure service. But the cardholder is enrolled automatically and authenticated seamlessly during an online transaction process. It works this way:
A cardholder selects a purchase and begins the checkout process by entering his or her address and payment card information.
The merchant’s payment system then forwards this information to the bank’s 3D Secure provider to verify that the authorized cardholder is making the purchase.
The 3D Secure processor provides real-time evaluation of the card based on rules and policies determined by the card issuer, and issues a score that ranks the risk as low, medium or high.
If set up as a card issuer’s rule, the customer may be asked to authenticate the CNP transaction with a password sent via SMS to a smartphone or through the issuer’s mobile app.
3D Secure is no silver bullet for eliminating card fraud, according to Jonathan Hancock, director, global fraud management solutions, TSYS, in a white paper titled “EMV Is Not Enough: Considerations for Implementing 3D Secure. “But when used in conjunction,” he writes, “EMV chip cards and 3D Secure create a powerful proposition: They provide issuers and merchants control over card fraud and costly chargebacks by better assessing transaction risks and authenticating cardholder identities. At the same time, the more sophisticated deployments of 3D Secure cause only nominal disruption to cardholders, enabling an invisible and secure online shopping experience.”
Click here to download “EMV is Not Enough: Considerations for Implementing 3D Secure.”
Michael Scheibach is executive editor of BankNews.
Copyright 2014 BankNews Media (March 2014)