With EMV's continued expansion overseas and impending adoption in the U.S., fraudsters are turning away from scamming physical credit and debit cards and instead setting their sights on the card-not-present space online.
In an effort to further protect its customers from potential fraud online, South African-based Nedbank has partnered with Entersekt, an innovative pioneer in transaction authentication, to integrate the solution provider's Online Card Purchase Authorization technology into the bank's Approve-it system. Approve-it is an implementation of Entersekt's interactive transaction authentication technology, and since the launch of Approve-it™ on Nedbank's online banking channel, Nedbank has published a 99% drop in phishing attacks on this channel.
Given the success of Approve-it™ on the online banking channel, Nedbank is leveraging Entersekt's unique Online Card Purchase Authorization technology to expand the protective reach of Approve-it™ to the card not present channel. Approve-it™ now also serves as an enhanced security feature to allow Nedbank's customers to authenticate online card purchases directly through their personal mobile device. When a Nedbank customer performs a 3-D Secure online purchase with their card, they will receive a push message via their mobile device requesting them to authorize the transaction with a simple "Accept" or "Reject" response. Not only does this enhance the customer experience by eliminating the need to remember complex static passwords or retyping one time passwords generated on a token, but the security of the online payments channel is significantly increased as well.
"Despite the clear vulnerabilities one time passwords present, many financial institutions continue to rely on this method of customer authentication before a transaction can be completed," said John Bestbier, Group Executive: Strategy at Nedbank. "Rather than requiring our customers to enter static passwords or one time passwords that can easily be stolen or intercepted by online fraudsters, partnering with Entersekt enables us to leverage advanced authentication capabilities to streamline the approval process by utilizing the customer's mobile to complete the purchase with a simple touch of a button. With no password to retype anymore, there is no password left for an online fraudster to steal."
Designed to serve as an added layer of security for online card purchases, 3-D Secure has been proven to lower instances of card not present fraud, but has widely been dismissed by financial institutions due to the annoyances it presents consumers, such as difficulty with activation and inconsistent methods of authentication. Entersekt's Online Card Purchase Authorization reinvents the 3-D Secure user experience by allowing consumers to authenticate purchases through their mobile device with the touch of a button.
"While there were definite short comings initially associated with 3-D Secure, we saw major potential for the standard to significantly impact transaction security once the consumer objections were fully addressed," said Christiaan Brand, chief technology officer for Entersekt. "By abandoning reliance on passwords and instead leveraging the user's mobile device for authentication, we are able to reduce abandonment rates for online purchases and streamline the authentication process to satisfy consumer demands and 3-D Secure standards simultaneously."