Friday, December 27, 2013
"Statistically, depending on whose numbers you look at, the USD controls about 35 percent of e-commerce or card-not-present transactions globally," said Greg Wooten, Chief Executive Officer at cardholder authentication specialist and SignatureLink Inc. subsidiary SecureBuy LLC. "But at the same time we have about 43 percent of global card-not-present fraud."
That number is expected to rise dramatically once U.S. issuers, acquirers and merchants complete the transition to the more secure Europay/MasterCard/Visa (EMV) chip card standard in 2015. Stymied by the increased security of EMV in the card-present brick-and-mortar realm, fraudsters will migrate more of their activity online, where fraud controls remain porous, according to Wooten.
"Depending on who you listen to from the various card brands, they are publicly stating to merchants that CNP fraud is going to go up 30 to 60 percent in the U.S.," Wooten said. "It will be an absolute tsunami."
Largely in response to that alarming number, in November 2013 SecureBuy offered e-commerce retailers a free 10-year license of its basic 3D Secure authentication technology for CNP environments. Then, in early December, SecureBuy made the same offer to issuers and processors. Wooten said "ironclad automation," such as what 3D Secure provides, is the only way to defend against CNP fraud.
3D Secure was developed by Visa Inc. and supported by the other card brands. The technology is considered the only authentication solution available to online merchants that allows them to authenticate consumers directly with their issuing banks. Additional benefits for merchants adopting 3D Secure is that the card brands give them breaks on interchange and shift chargeback liability for disputed transactions to cardholders' banks.
In a Total System Services Inc. report entitled EMV is Not Enough: Considerations for Implementing 3D Secure, the processor said deploying EMV and 3D Secure together "achieves an optimal security position for customers without impacting the online shopping experience."
When the United Kingdom adopted EMV, card-present fraud dropped 71 percent from 2007 to 2012, TSYS said. Cybercrooks thus moved more of their schemes online, apparently to great success, with the CNP channel accounting for 63 percent of total U.K. card fraud losses in 2012, TSYS added.
Wooten cited MasterCard Worldwide executive Bob Reany, who said at the 2013 Merchant Risk Council conference held last March in Las Vegas that CNP fraud was spiraling out of control in the U.K. until the card brands stepped in and mandated merchants deploy 3D Secure on every CNP transaction.
Wooten echoed Reany's opinion that the card companies could take the same approach in the United States "if merchants fail to control their own destiny."
According to ongoing SecureBuy research, a disconnect exists between merchant and consumer priorities. While merchants are focused on making the online payment process faster and more streamlined to get shoppers to spend more online, consumers are more concerned with the security of their financial information online.
"Consumers are tired of having their financial information − their personal information − stolen," Wooten said. "And they're demanding that merchants take more measures to protect their information. So the old adage that everybody wants a one-button checkout is merchants living in a bubble."
What may be more alarming is that corporations worldwide consider information technology (IT) security unimportant. A recent survey of corporate directors found that only 6 percent of global public companies prioritize IT security, according to Wooten.
"A lot of public companies don't think they have anything to protect," he said. "Whether it is their fraud, their intellectual property or trade secrets, they are completely ignorant of threats that are being presented. And these are some of the largest organizations in the world."
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
