Fighting CNP fraud through simple yet strong authentication

Our transactions are becoming increasingly cashless. Consumers increasingly prefer alternative payment methods because they are often easier and faster to use than traditional ones. Our debit and credit cards now allow us to shop online wherever we are or to send money to the other side of the globe with a few clicks.

However, the flipside to this boom in online commerce has been a corresponding boom in online fraud. Card-not-present (CNP) fraud has been on the rise globally; in the UK alone, CNP fraud increased by 20% in 2015.[1] Current authentication solutions used by banks and financial institutions are not effectively solving this issue. One-time passwords are often used, but they are vulnerable to sophisticated cyber fraudsters who use malware and exploit the vulnerabilities of the SMS network.[2] 3DS is also used as a fraud prevention method; however, the user experience can be poor, and many retailers end up turning it off because the cost of revenue lost when people abandon their orders in frustration is often greater than the cost of fraud.

Those in the financial and payments industries believe that payments fraud will become an even bigger threat to the sector over the next couple of years, and they are concerned about the slow progress being made in resolving these issues, with only 10% thinking they currently have an effective solution.[3] The industry needs to adopt an authentication solution that is not only effective in securing transactions but also does not inconvenience the user.

Failure to stop payments fraud is in part due to the lack of wide adoption of a consistent and effective standard. However, there are security solutions available in the market which, if implemented correctly and consistently, can prevent many instances of fraud. The cardholder PIN is an example: since it was introduced in 2004, card-present fraud has fallen by 78%.[4] PIN was and is so successful because it is easy to remember and use while also being a very secure and effective solution. A similar approach needs to be taken for card-not-present transactions.

Consumers want fast, frictionless payments; they don’t want to go through various authentication levels, remember long and complex passwords or carry around security tokens. PIN is a simple yet extremely effective authentication solution that can keep card-not-present transactions frictionless for the consumer while adding an extra layer of security to the transaction.

When a consumer makes a card-not-present transaction, they would be notified of it on their mobile device and would authenticate it by entering their cardholder PIN on that device. This provides more secure multi-factor authentication, composed of something you know (the PIN) and something you have (the mobile device).

 

[1] FFA UK Year-end 2015 fraud update

[2] OTP: Security Past Its Expiration Date

[3] https://www.finextra.com/newsarticle/29005/finance-pros-worry-about-payments-fraud-as-more-transactions-go-paperless

[4] Annual Review 2015, Financial Fraud Action UK