As online fraud increases, so does the importance of solutions to manage the issue, including the option of using two-factor authentication.
In February 2014, Visa made an announcement that from 1 October 2014, online merchants who meet specific criteria – namely those who experience a high percentage of e-commerce fraud or simply operate in an industry category that experiences high levels of fraud as a percentage of sales – must use Verified by Visa (VbV) to add security to their online transactions.
Information released by Visa says merchants typically targeted via online fraud include airlines, computer retailers, software sellers, electronics retailers, music sites, telecommunications providers, travel and gambling sites.
Blessing or curse?
Some e-commerce merchants will welcome the addition of VbV, but others may not be so enthusiastic. While such services as VbV and MasterCard SecureCode, also known as two-factor authentication, undoubtedly improve security in the online payments world, they also add an extra step to the purchase process for customers. Consequently, two-factor authentication may be perceived as a potential barrier to sales.
Statistics tell us that something needs to be done to improve online payment security. Data from the Australian Payments Clearing Association (APCA) reveals that instances of online fraud in Australia rose 5 per cent in the 12 months to 30 June 2013. Online fraud – involving more than 1.05 million fraudulent transactions – now costs $198.9 million annually.
Two-factor authentication is actually in operation every day at ATMs. The first form of authentication is the simple possession of a bank card. The second form of authentication is entering a PIN. But for online transactions, the first step – possession of a card – is something merchants can’t confirm. Online payment fraud is also known as “card-not-present fraud”, and it represents the bulk of fraud committed on Australian-issued cards.
How two-factor authentication works
So, what are VbV and MasterCard SecureCode?
VbV adds a second level of authentication by sending the cardholder to a password request page. MasterCard SecureCode involves the cardholder registering and creating a private PIN (their SecureCode), which they are asked to enter each time they make a purchase at a participating online retailer.
While both methods lengthen the checkout process, they are also believed to improve levels of trust and increase dollars spent on sites that use the technology.
No fraud prevention mechanism is foolproof
For merchants, two-factor authentication is not foolproof nor is it a complete security solution. Proper online security measures involve running an analysis of the private customer information you hold and where you keep it, managing storage and access permissions for this data, and putting in place a full security plan, including various third-party tools and services – or using the services of a third-party provider that offers such security.
Custom installation of the two-factor authentication systems on a merchant’s account can also add expense and effort for the merchant but, once again, they may also simply choose a third-party provider, such as SecurePay, that offers such security measures and more.
As financial organisations such as Visa and MasterCard become more vigilant around card fraud, merchants who follow suit will earn greater trust from their current and potential customers, will have an extra marketing tool to use to attract new business and will also be doing the e-commerce industry a favour by making damaging fraud cases far less likely.