The introduction of chip and PIN cards has significantly reduced cloning as a source of card fraud, particularly in Europe, but fraudsters, never idle for long, have switched their focus to a softer target – card-not-present online purchases. A few minor details on the credit card, which are all in plain sight, are all they need to make fraudulent transactions online. 

Historically, online card transactions have not required additional security layers, such as a PIN or signature. Without them, it has been nearly impossible to verify that the person making the transaction and entering the card information is legitimate. In addition, the absence of a signed transaction record has significantly increased rates of repudiated transactions.

To combat this problem, the industry’s largest payments networks introduced the 3-D Secure standard, which mandates an additional security step prior to the authorization of an online transaction. This three-domain model consists of:

  • Acquirer Domain (the merchant and the bank to which money is being paid);
  • Issuer Domain (the bank that issued the card being used); and
  • Interoperability Domain (the infrastructure provided by the card scheme, whether credit, debit, prepaid or other type of finance card, to support the 3-D Secure protocol).

The payments networks did not dictate exactly what security procedure must be employed, so the most popular barriers used today consist of a simple username and password to protect the card from unauthorized use.

The software that enables this process is known as an access control server (ACS). Any online transaction request is sent to this server before the transaction is complete, and it is the responsibility of the ACS to validate that the customer attempting the purchase is the rightful owner of the card. 

In an effort to better address card-not-present fraud, Entersekt has built an interactive transaction authentication system that is significantly more streamlined than typical 3-D Secure implementations. It provides a simple, intuitive way for cardholders to authorize online purchases using their mobile phones. It can be incorporated as an authentication module in an issuer’s existing ACS, and is also available as an integrated product from a number of leading ACS software vendors around the world.

This two-factor authentication solution provides secure, real-time confirmation of transaction details on the customer’s mobile phone. The digital certificate-based authentication enables nonrepudiation, and the intuitive experience and simplified user enrollment reduce customer abandonment. Text messaging costs associated with one-time password solutions are also eliminated.

For more information on how to protect your customers, download Entersekt’s card-not-present authentication solution sheet.



Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.

 

 
