The Green Sheet Online Edition
April 08, 2013 • Issue 13:04:01
Securing online payments in North America
Most North Americans with online banking use it to view statements and pay bills. Europeans do the same, but they also make online bank payments for e-commerce transactions. The major difference between online banking in North America and in Europe is security. Most North American banks require only a user name and password to gain access; second-factor authentication isn't required.
Learn from other regions
The basic concept of most two-factor authentication systems is to combine a knowledge factor and a possession factor. Second-factor authentication drastically reduces the incidence of online fraud, because a user's password and login ID are no longer enough to give permanent access to the account. When a customer makes an online purchase via computer or mobile device in Germany, Austria and the Netherlands, the bank sends a Short Message Service (SMS) text message containing a one-time password for the current bank transaction to the user's mobile phone as part of the login process.
The SMS text typically quotes the transaction amount and is considered very secure. Next, the customer uses a pocket-sized authentication token (also called a key fob), which has no electronic connection and displays a changing pass-code on its screen. The customer types the pass-code currently displayed on the token into the authentication screen on the device used to initiate the transaction.
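As an added illustration (not from the original article, and not any bank's actual system), the Python sketch below shows why a one-time password tied to a single transaction resists both replay and a changed amount. The class name, the five-minute lifetime and the three-attempt limit are assumptions made for the example.

```python
import hmac
import secrets
import time

class TransactionOtp:
    """Bank-side store of one-time passwords, each bound to one transaction."""

    def __init__(self, ttl_seconds=300, max_attempts=3):  # assumed policy values
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.pending = {}  # txn_id -> [code, amount_cents, payee, expires_at, attempts]

    def issue(self, txn_id, amount_cents, payee, now=None):
        """Create a 6-digit code and the SMS text that quotes the amount."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[txn_id] = [code, amount_cents, payee, now + self.ttl, 0]
        sms = f"Code {code} approves {amount_cents / 100:.2f} to {payee}. Do not share."
        return code, sms

    def verify(self, txn_id, amount_cents, payee, code, now=None):
        """Return 'ok' only for the right code on the exact transaction it was issued for."""
        now = time.time() if now is None else now
        rec = self.pending.get(txn_id)
        if rec is None:
            return "unknown_or_used"
        stored, amt, who, expires_at, _ = rec
        if now > expires_at:
            del self.pending[txn_id]
            return "expired"
        if (amount_cents, payee) != (amt, who):
            del self.pending[txn_id]  # fail closed: details changed after the SMS was sent
            return "transaction_mismatch"
        rec[4] += 1
        if hmac.compare_digest(code.encode(), stored.encode()):
            del self.pending[txn_id]  # single use: a captured code cannot be replayed
            return "ok"
        if rec[4] >= self.max_attempts:
            del self.pending[txn_id]  # stop online guessing of the 6-digit code
            return "locked"
        return "bad_code"
```

Because the code is checked against the amount and payee it was issued for, a stolen login ID and password alone cannot approve a payment, and a code observed for one payment cannot approve another.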
Watch out for screen scraping
The lack of security for online banking in North America is a magnet for fraudsters. Online merchants and consumers must learn about the risks of accepting payments outside of bank-sponsored networks.
Some payment service providers use screen scraping technology to automate payments for consumers and report payments to merchants in real time. Most consumers trust the merchants and their online banks; they click off boxes at checkout, not fully realizing they just gave their login IDs and passwords to a third-party payment processor.
Such a processor has access to everything the consumer sees during the login process, including all of the consumer's personal information and recent transactions. The scale of scraping and the hundreds of thousands of account login IDs and passwords being stored constitute a security issue for consumers and banks.
Use SVP, Interac
Processing online payments requires special measures. Working with a bank network increases the confidence and security e-commerce merchants require to protect their customers. Given the greater number of people who bank online versus 10 years ago, security is more important than ever. Bill payment, e-mail money, account-to-account transfers with screen scraping, and pre-authorized debit/electronic checks, which are being used as work-arounds to facilitate e-commerce transactions, should be converted to Secure Vault Payments in the United States and to Interac Online in Canada for the integrity of the banking system.
Having unknown and under-regulated payment companies and merchants storing user names and passwords, along with bank account information, to initiate payments at any time can lead to hacking and data breaches. That is a liability no company or bank can afford in 2013.
Brian Crozier is President of NetPayment Solutions Inc, a company specializing in money transfers and payouts to any Visa or MasterCard anywhere. Contact him by email at firstname.lastname@example.org or by phone at 416-822-3633.