
How to end what ails online commerce

Balancing security for reducing fraud while producing a great shopper experience has been the eCommerce challenge from day one. Modernized protocols may help.

A recent report from Juniper Research states that global online fraud is on pace to top $25 billion by 2020. And new data from a report by SalesCycle reveals that the average shopping cart abandonment rate across the globe was 74% in Q1 2016, with Asia Pacific having the highest abandonment rate at 75.9%, despite having the highest sales shares by region.

This paints a less-than-ideal picture for the banks, card issuers and merchants in the eCommerce game.

Historically, banks would focus their attention on the security practices associated with online payment transactions to help build their customers’ trust – like finding ways of balancing the risks and costs of their fraud rates.

Fast forward to today’s digital market, where online transactions are the norm. Customers assume security is in place. They demand a stellar, omnichannel customer experience with little to no hiccups in their eCommerce experience.

Banks are becoming aware of the tools available in the market that can help reduce the amount of failed and abandoned transactions (which improves the customer experience) without negatively impacting their fraud rate.

With a proper payment security framework, banks can preserve or even reduce their fraud rate while simultaneously increasing the influx of net new revenue from more online payment transactions.

Modernizing protocols for secure eCommerce 

3D Secure was designed in 2001 to support cardholder authentication for browser-based e-commerce transactions, keeping fraudsters out by using static user names and passwords unique to the cardholder for completing online purchases.

But as eCommerce grew, customer demand shifted more to a great user experience. Customers wanted more non-browser-based, card-not-present payments that used in-app, mobile and digital wallets.

The payments industry has recognized the need for an updated approach that incorporates risk-based elements and omnichannel support. EMVCo, a company which is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, recently announced updates to the protocol, calling it 3D Secure 2.0.

The update takes into account new payment channels and delivers expanded capabilities in terms of technology, security, performance, user experience and flexibility.

Mastercard and Visa declare death of the password

The announcement coincides with recent statements made by both Mastercard and Visa that they will kill off passwords as a form of authentication, ultimately removing the need for users to enter their passwords for identity confirmation, as part of a revamp to the existing (sometimes criticized) 3D Secure scheme.

Both declarations pave the way for risk-based authentication, which makes it possible for a cardholder to be authenticated behind the scenes with no user interaction. Risk-based authentication takes into account numerous sets of data that are applied to authentication models to determine the legitimacy of any given transaction.

CA Technologies, which supports 3D Secure with our authentication solutions, believes in “zero-touch authentication” as a key for password reduction. I like to define zero-touch authentication as the combination of flexible and dynamic rules and neural network authentication models to create a strong payment security framework, which minimizes cardholder interruption and maximizes ROI for the card issuer.

Zero-touch authentication enables card issuers to get the best of both worlds: improving customer experience without having to sacrifice security. This ultimately leads to an increase in interest revenue and interchange fees.



Comments: (3)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 August, 2016, 17:37

"One touch authentication" solutions of the type supported by (say) HDFC Bank's PayZapp mobile wallet app already *minimize* friction, as I'd highlighted in this blog post. Based on that, I'd expect a solution billed as "Zero touch authentication" to *eliminate* friction! Will yours do that?

A Finextra member 23 August, 2016, 18:39

@Ketharaman :) We're all trying to achieve the same end goal, right - eliminating fraud/fraudsters, but not at the expense of making services (like online banking, shopping, etc.) useless. Using available solutions (like risk-based auth & modeling) provides banks the opportunity to achieve their desired authentication framework. Thanks for reading!

A Finextra member 20 September, 2016, 17:08

To further add to this discussion, I'd like to say that the increase in adoption of mobile in E-commerce and payment sectors has opened many more pavements to cyber crimes and this number is only predicted to rise in the coming years. Even though the mobile channel is slowly becoming the new favorite ground for hackers, the importance is given more to channels of exploitation on web applications & payment gateways.

In fact, the year 2014 alone records a total of over 1 Billion breaches from improper mobile security according to Breach Level Index. We wanted to do a test of our own, so we did a security analysis of the global top 500 apps and the results have been shocking. Our findings showed us that 95% of these apps fail basic security checks.
