GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Mobile payments 2013 - Part 2

News

Industry Update

Visa faces challenges to breach fines

FinCEN tackles regulation of virtual currency

10 debit networks pick Discover AID

PayPal co-founder continues innovation

Selling Prepaid

Prepaid in brief

Kaiku makes prepaid a lifestyle choice

Bluebird goes retro with check writing

Views

Securing online payments in North America

Brian Crozier
NetPayment Solutions Inc.

The rise of e-money

Dave Wilkes
Fuze Network

Education

Street SmartsSM:
Traded my drafting table for a demo bag

Dale S. Laszig
Castles Technology Co. Ltd.

Scenarios to avoid in portfolio sales

Adam Atlas
Attorney at Law

EMV for U.S. merchants: Effects and side effects of compliance

Peter Helderman
UL LLC

Company Profile

SCIL-EMV Academy

New Products

Next step, virtual POS

linked2pay virtual terminal
Company: Transmodus Corp.

Aloha to go

NCR Mobile Pay
Company: NCR Corp.

Inspiration

The long and short of service

Departments

Readers Speak

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

April 08, 2013  •  Issue 13:04:01

previous next

Securing online payments in North America

By Brian Crozier

Most North Americans with online banking use it to view statements and pay bills. Europeans do the same, but they also make online bank payments for e-commerce transactions. The major difference between online banking in North America and in Europe is security. Most North American banks only require a user name and login to gain access; second-factor authentication isn't required.

Learn from other regions

The basic concept of most two-factor authentication systems is to combine a knowledge factor and a possession factor. Second-factor authentication drastically reduces online fraud incidences, because a user's password and login ID are no longer enough to give permanent access to the account. When a customer makes an online purchase via computer or mobile device in Germany, Austria and the Netherlands, the bank sends a Short Message Service (SMS) text message containing a one-time password for the current bank transaction to the user's mobile phone as part of the login process.

The SMS text typically quotes the transaction amount and is considered very secure. Next, the customer, who possesses a pocket-sized authentication token (also called a key fob) that has no electronic connection and displays a changing pass-code on its screen, types the pass-code currently displayed on the token into the authentication screen on the device used to initiate the transaction.

Watch out for screen scraping

The lack of security for online banking in North America is a magnet for fraudsters. Online merchants and consumers must learn about the risks of accepting payments outside of bank-sponsored networks.

Some payment service providers use screen scraping technology to automate payments for consumers and report payments to merchants in real time. Most consumers trust the merchants and their online banks; they click off boxes at checkout, not fully realizing they just gave their login IDs and passwords to a third-party payment processor.

Such a processor has access to everything the consumer sees during the login process, including all of the consumer's personal information and recent transactions. The scale of scraping and the hundreds of thousands of account login IDs and passwords being stored constitute a security issue for consumers and banks.

Use SVP, Interac

Processing online payments requires special measures. Working with a bank network increases the confidence and security e-commerce merchants require to protect their customers. Given the greater number of people who bank online versus 10 years ago, security is more important than ever. Bill payment, e-mail money, account-to-account transfers with screen scraping, and pre-authorized debit/electronic checks, which are being used as work-arounds to facilitate e-commerce transactions, should be converted to Secure Vault Payments in the United States and to Interac Online in Canada for the integrity of the banking system.

Having unknown and under-regulated payment companies and merchants storing user names and passwords, along with bank account information, to initiate payments at any time can lead to hacking and data breaches. That is a liability no company or bank can afford in 2013.

Brian Crozier is President of NetPayment Solutions Inc, a company specializing in money transfers and payouts to any Visa or MasterCard anywhere. Contact him by email at brianusemybank@gmail.com or by phone at 416-822-3633.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems