
The clock is ticking on payment fraud

The UK is facing a growing crisis. Since 2010, Card Not Present (CNP) fraud has cost the UK economy £1.7 billion, with the number set to increase as UK banks deliberate how to cure the problem. CNP is currently responsible for 70% of card fraud in EMV markets (EMV is a global standard for credit and debit payment cards based on chip card technology). This isn’t just a UK-specific problem, though: it is predicted to result in $6.4 billion of losses in the US market by 2018 if something isn’t done.

Static information

One of the key reasons fraudsters are becoming so successful with CNP is simple – static information.

The information on today’s cards stays the same throughout the life of the card. Fraudsters can easily acquire details through methods like skimming and phishing, or even through a “person on the inside” saving details used for a previous transaction. Once these details are in the wrong hands, attackers can make purchases on the cardholder’s behalf without their knowledge.

There are methods that can fight this type of fraud and protect consumers. In other areas, consumers are encouraged to continuously change the passwords for their computers or email accounts to mitigate the threat of being hacked, and payment security should be no different.

Dynamic Code Verification

For consumers, the key with any form of security, and actually technology itself, is convenience. The average abandonment rate at checkout online is as high as 68.53%, as consumers will discontinue a transaction if it is too time-consuming or complicated. This is why Dynamic Code Verification (DCV) should be considered a front runner as a security protocol. DCV is a solution which allows card issuers to replace the static security code (the three-digit code on the back of a Mastercard or Visa card) used for online purchases with a dynamic code displayed on the customer’s card or, potentially in the future, in a secure mobile-based application.

DCV’s biggest selling point is offering the security consumers need, without any significant change to the buying process experience.

DCV does this by changing the three-digit security code on the back of consumers’ cards on a regular basis, as decided by the card issuer but normally every 20 to 40 minutes. This mitigates the risk of fraud by reducing the amount of time for which hackers can use a set of details before they are changed, while giving the cardholder sufficient time to complete the transaction.

For example, should someone have their details stolen through a website, the hacker won’t be able to make purchases in the future as the details will have changed. This doesn’t require much input from the consumer either: all they have to do is check the back of their card when they are making the purchase and complete it within the allotted time.
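The rotation described above, sketched as an added example that is not code from the article or from any card scheme. The article does not say how DCV codes are derived, so the HMAC-over-time-window construction, the sample key, the `grace_windows` parameter and all function names are assumptions.

```python
import hashlib
import hmac
import struct

WINDOW = 20 * 60  # seconds; the article gives 20 to 40 minutes, set by the issuer

def dynamic_code(card_key: bytes, unix_time: int, window: int = WINDOW) -> str:
    """3-digit code for the window containing unix_time (assumed construction)."""
    counter = struct.pack(">Q", unix_time // window)
    digest = hmac.new(card_key, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # RFC 4226-style dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1000:03d}"

def issuer_accepts(card_key: bytes, presented: str, unix_time: int,
                   grace_windows: int = 0, window: int = WINDOW) -> bool:
    """Accept the current window's code, plus optionally the previous ones.

    grace_windows > 0 helps a cardholder who read the code just before it
    rotated, at the price of a longer replay window for stolen details.
    """
    ok = False
    for back in range(grace_windows + 1):
        expected = dynamic_code(card_key, unix_time - back * window, window)
        ok |= hmac.compare_digest(expected, presented)  # no early exit
    return ok

def replay_acceptances(card_key: bytes, captured_at: int, later_windows: int,
                       window: int = WINDOW) -> int:
    """Count later windows in which a code captured at captured_at still matches.

    Matches are coincidences: with 3 digits each window has about a 1/1000
    chance, which is why the issuer must also limit wrong attempts per card.
    """
    stolen = dynamic_code(card_key, captured_at, window)
    return sum(issuer_accepts(card_key, stolen, captured_at + n * window, 0, window)
               for n in range(1, later_windows + 1))

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-card"  # constructed sample key
    t0 = 1_476_450_000                              # constructed capture time
    code = dynamic_code(key, t0)
    print("code at capture:", code)
    print("accepted in same window:", issuer_accepts(key, code, t0))
    print("chance matches in next 2000 windows:", replay_acceptances(key, t0, 2000))
```

A stolen code stops working once its window ends, but a three-digit space means rotation only helps if the issuer also caps failed attempts per card.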


As the rate of mobile and online payments adoption increases and cash starts to fade away, the problem of CNP is only going to grow. Businesses and banks need to look at the options available to them and accept something needs to be done. Once they do, it’s important they communicate the security protocols they have in place in order to boost consumer confidence. With any technology, consumer confidence is key. If they don’t believe their data is secure, then mass adoption is almost impossible. As hackers become more sophisticated in their attempts to steal data, providing easy-to-use methods (such as DCV) is vital in minimising fraud.


With the Payment Services Directive 2 (PSD2) requiring financial institutions to clearly authenticate their customers in a variety of situations, conversations in the industry are still ongoing to understand if DCV alone will be enough to cover many of these interactions outside of pure CNP payment. What is clear, however, is that, at the very least, such an application combined with PIN-based verification may offer a consumer-friendly solution to this need.


Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 14 October, 2016, 12:59

The critical success factor is the method of communicating the DCV to the cardholder. Banks in India have typically done it through SMS (Mobile OTP). That has proven to be a conversion killer because SMSs don't reach on time or at all (Mobile OTP: Cyanide Or Caffeine For Online Payments?). Some banks have launched their own Mobile OTP Apps but have faced poor adoption because consumers can't spare the space on their space-starved smartphones for "yet another app", especially one that's used infrequently. One bank uses a hardware token to secure its Online Banking transactions but has probably found the option too expensive because the same bank went with Mobile OTP when it came to online card transactions. DCVs displayed on the back of the card itself sound workable provided banks can absorb the higher cost of such cards.