Snippet: EMV has now been deployed in more than 80 countries around the world. All have seen a significant drop in card-present fraud as a result, but they have also experienced a surge in online card fraud and other card-not-present (CNP) scams.

EMV has now been deployed in more than 80 countries around the world. All have seen a significant drop in card-present fraud as a result, but they have also experienced a surge in online card fraud and other card-not-present (CNP) scams.

The payments industry has learned a lot from the first global implementations of EMV technology. The most important one being that EMV is not yet able to protect consumers in the online space. Early adopters of EMV have also found that security measures aimed at heading off rising CNP fraud can disrupt the online purchasing process to the point that cardholders abandon their virtual shopping carts in droves.

Payment card leaders recognized that CNP fraud was likely to rise significantly as e-commerce took off. They sought to address the threat with 3-D Secure. This security protocol was designed to introduce transaction authorization in the online space by means of an online user authentication process, much like a signature or entering a PIN number is meant to do in the real world.

A specific security barrier was, however, not specified by the payment networks, which has resulted in the majority of implementations using simple passwords to protect the card from unauthorized use. These are often forgotten, resulting in abandoned purchases. Another common authentication mechanism in use is the one-time password (OTP), which has become increasingly unreliable in preventing phishing attacks.

Consumers also find OTPs frustratingly cumbersome, especially when shopping on their mobile phones. Ensuring that security measures do not frustrate users is essential if issuers want online merchants to embrace the additional security promised by 3-D Secure.

Visa and MasterCard recently announced plans to eliminate the need for password authentication on their 3-D Secure payment platforms. This development serves as proof that current 3-D Secure authentication methods have failed to win over retailers and their customers. Unfortunately, the new plans do not go far enough, relying as they do on analytics that run the risk of false positives and negatives; clumsy, error-prone OTPs; and unreliable biometrics.

Where to go from here?

Investigate replacing cumbersome 3-D Secure authentication processes with an easier, more intuitive means of authorizing card-not-present transactions using a mobile phone or tablet.

Entersekt offers a mobile-based, fully out-of-band, two-factor authentication solution accredited by Visa, MasterCard, and American Express for 3-D Secure. With Entersekt’s Transakt product, the details of any online transaction are transmitted to cardholders’ mobile devices’ in real time. All they have to do is choose “Accept” or “Reject” to authorize or stop the transactions immediately. There is no need to remember long, complex usernames and passwords or retype OTPs.

Transakt matches this level of convenience with industry-leading security. Digital certificates uniquely identify each mobile device, enable mutual authentication between the device and institution, and provide fully encrypted end-to-end communication.

Entersekt’s solution puts the power of safe online transactions back into the hands of the consumer. To find out more, download our complimentary white paper, Add to cart: Improved authentication of card-not-present purchases or visit our dedicated card-not-present authentication solution page.

Visit our 3-D Secure webpage

Subscribe to our blog.

3-D Secure
Entersekt editor

Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.