How to end what ails online commerce

Balancing fraud-reducing security against a great shopper experience has been the eCommerce challenge from day one. Modernized protocols may help.

A recent report from Juniper Research states that global online fraud is on pace to top $25 billion by 2020. And new data from a report by SalesCycle reveals that the average shopping cart abandonment rate across the globe was 74% in Q1 2016, with Asia Pacific having the highest abandonment rate at 75.9%, despite having the highest sales shares by region.

This paints a less-than-ideal picture for the banks, card issuers and merchants in the eCommerce game.

Historically, banks would focus their attention on the security practices associated with online payment transactions to help build their customers’ trust – like finding ways of balancing the risks and costs of their fraud rates.

Fast forward to today’s digital market, where online transactions are the norm. Customers assume security is in place. They demand a stellar, omni-channel customer experience with little to no hiccups in their eCommerce experience.

Banks are becoming aware of the tools available in the market that can help reduce the number of failed and abandoned transactions (which improves the customer experience) without negatively impacting their fraud rate.

With a proper payment security framework, banks can preserve or even reduce their fraud rate while simultaneously increasing the influx of net new revenue from more online payment transactions.

Modernizing protocols for secure eCommerce 

3D Secure was designed in 2001 to support cardholder authentication for browser-based e-commerce transactions, keeping fraudsters out by using static user names and passwords unique to the cardholder for completing online purchases.

But as eCommerce grew, customer demand shifted more toward a great user experience. Shoppers wanted more non-browser-based, card-not-present payments that used in-app, mobile and digital wallets.

The payments industry has recognized the need for an updated approach to incorporate risk-based elements and omni-channel support. EMVCo, a company which is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, recently announced updates to the protocol, calling it 3D Secure 2.0.

The update takes into account new payment channels and delivers expanded capabilities in terms of technology, security, performance, user experience and flexibility.

Mastercard and Visa declare death of the password

The announcement coincides with recent statements made by both Mastercard and Visa that they will kill off passwords as a form of authentication, ultimately removing the need for users to enter their passwords for identity confirmation as part of a revamp to the existing (sometimes criticized) 3D Secure scheme.

Both declarations pave the way for risk-based authentication, which makes it possible for a cardholder to be authenticated behind the scenes with no user interaction. Risk-based authentication takes into account numerous sets of data that are applied to authentication models to determine the legitimacy of any given transaction.

CA Technologies, which supports 3D Secure with our authentication solutions, believes in “zero-touch authentication” as a key for password reduction. I like to define zero-touch authentication as the combination of flexible and dynamic rules and neural network authentication models to create a strong payment security framework, which minimizes cardholder interruption and maximizes ROI for the card issuer.

Zero-touch authentication enables card issuers to get the best of both worlds: improving customer experience without having to sacrifice security. This ultimately leads to an increase in interest revenue and interchange fees.


Mitchell Muro is based out of CA Technologies’ Santa Clara office in California and is…

Comments

  • Here’s a simple solution that can greatly reduce fraud without imposing more restrictions on me as a customer: allow people to define “whitelist” devices. For example, if I always shop using my home computer, I should be able to define to a vendor: “Only accept credit card purchases if the originating machine has IP XXXX or MAC address YYYY.”
