The UK is facing a growing crisis at the moment. Since 2010, Card Not Present (CNP) Fraud has cost the UK economy
£1.7 billion, with the number set to increase as UK banks deliberate how to cure the problem. CNP is currently responsible for 70% of card fraud on EMV, a global standard for credit and debit payment
cards based on chip card technology, markets. This isn’t just a UK specific UK problem though and is predicted to result in
$6.4 billion of losses on the US market by 2018 if something isn’t done.
One of the key reasons fraudsters are becoming so successful with CNP is simple – static information.
The information on today’s cards stays the same throughout the life of the card, fraudsters can easily acquire details through methods like skimming and phishing or even by a “person on the inside” saving details used for a previous transaction. Once these
details are in the wrong hands, attackers can make purchases on the card-holder’s behalf without their knowledge.
There are methods that can fight this type of fraud and protect consumers. In other areas consumers are encouraged to continuously change their passwords for their computers or email accounts, to mitigate the threat of being hacked and payment security should
be no different.
Dynamic Code Verification
For consumers, the key with any form of security, and actually technology itself, is convenience. The
average abandonment rate at checkout online is as high as 68.53%, as consumers will discontinue a transaction if it is too time-consuming or complicated. This is why Dynamic Code Verification (DCV),
a solution which allows card issuers to replace the static security (three-digit code on the back of a Mastercard or Visa Card) used for online purchases, with a dynamic code displayed on the customer’s card or potentially in the future in a secure mobile
based application, should be considered a front runner as a security protocol.
DCV’s biggest selling point is offering the security consumers need, without any significant change to the buying process experience.
The DCV does this through changing the three-digit security code on the back of consumers’ cards on a regular basis as decided by the card issuer, but normally every 20 to 40 minutes. This mitigates the risk of fraud by reducing the amount of time that hackers
can use a set of details for before they are changed, but giving sufficient time for the cardholder to complete the transaction.
For example, should someone have their details stolen through a website, the hacker won’t be able to make purchases in the future as the details will have changed. This doesn’t require much input from the consumer either, all they have to do is check the
back of their card when they are making the purchase and complete it within the allotted time.
As the rate of mobile and online payments adoption increases and cash starts to fade away, the problem of CNP is only going to grow. Businesses and banks need to look at the options available to them and accept something needs to be done. Once they do, it’s
important they communicate the security protocols they have in place in order to boost consumer confidence. With any technology, consumer confidence is key. If they don’t believe their data is secure then mass adoption is almost impossible. As hackers become
more sophisticated in their attempts to steal data, providing easy to use methods (such as DCV) is vital in minimising fraud.
With the Payment Services Directive 2 (PSD2) requiring financial institutions to clearly authenticate their customers in a variety of situations, conversations in the industry are still ongoing to understand if DCV alone will be enough to cover many of these
interactions outside of pure CNP payment. What is clear, however, is at the very least such an application combined with PIN based verification may offer a consumer friendly solution to this need.