According to the U.S. Payments Forum’s 2017 summer market snapshot, 45 to 50 percent of all U.S. credit and debit transactions are now chip-on-chip. Accordingly, the industry has experienced a much-welcomed reduction in counterfeiting and other types of card-present transaction fraud.
But just as one weak link in the chain strengthens, criminal elements look for another vulnerability to exploit. A December 2016 Visa Risk Services presentation, predicted that when chip-on-chip rates hit a breaking point of 50 percent, fraudsters would shift from EMV terminals to the card-not-present channel.
The recent Equifax hack illustrates all too plainly that fraudsters have deftly made this transition. Thankfully, events like the massive Equifax breach don’t happen every day, but criminals are still making hay in the virtual space by employing pernicious tactics such as phishing and social engineering to steal individuals’ names, card numbers and other sensitive personal information.
It’s been nearly two decades, since Visa and Mastercard introduced cardholder authentication solutions such as Verified by Visa and Secure Code to help issuers and merchants protect themselves in the online market space. The protocols for these solutions were licensed to other major card brands and became the standard script for authentication practices for years.
Unfortunately, they did little to stave off card-not-present fraud as participation was not compulsory for merchants and issuers. Issuers also had the additional burden of continuously encouraging cardholders to register for one of these services and cardholders were required to memorize yet another password (which they frequently forgot leading to cart abandonment at check out). In the end, no one was happy and issuers still bore most of the liability.
A New Hope.
In 2014, Visa and Mastercard began working with the EMVco (Europay/Visa/ Mastercard) organization on a new industry authentication protocol titled 3-D Secure 2.0. The EMVco group consists of the six primary market players in the payments space and works to standardize card and merchant acceptance practices and rules worldwide.
3-D Secure 2.0 aims to reduce consumer friction and increase sales transaction approvals by using a risk-based model that looks at a multitude of factors including IP address, cardholder usage patterns and geographical location to analyze the likelihood of eCommerce card fraud.
“This new risk-based authentication solution leads to an 85 percent reduction in checkout time and 70 percent reduction in abandonment,” notes Visa Risk’s Lauren Rossi. “Battling U.S. CNP fraud detection is as much about reducing false declines as it is avoiding fraud,” she says.
This next generation 3-D Secure 2.0 protocol will support multiple payment methods and payment tools. As the ecommerce space continues to mature and more cardholders embrace the convenience of online shopping and subscription services, it is increasingly important for both issuers and merchants to employ the latest and strongest available technologies to protect themselves from savvy fraudsters looking to attack the weakest links.