The COVID-19 pandemic has reshaped the modern economy to a degree that few would have predicted. Government-imposed lockdowns demanded that millions of people stay at home, accelerating a shift toward online shopping, entertainment and news media.
Of course, alongside legitimate online activity, there has also been an unprecedented opportunity for fraudsters and other unscrupulous cybercriminals to target unprepared businesses and individuals.
To safeguard sensitive payment data exchanged between businesses and consumers online, the now-mandatory 3D-Secure authentication protocol and the Strong Customer Authentication (SCA) requirement were put in place.
The Continuing Rise of Digital Commerce
Research from Arkose Labs revealed an 85% year-on-year jump in online fraud. This figure comes from the 2022 State of Fraud and Account Security report, which analyzed more than 150 billion transaction requests in more than 254 countries.
The world is devoting more time, money and energy to the Internet than ever before. This trend shows no sign of going away, even as the pandemic recedes. There is very little reason to suppose that this new wave of cybercrime is going to go away, either – unless measures are put in place to slow it.
There is very little appetite among the public to abandon their newfound digital practices. Internet sales, as a proportion of total retail sales, have been climbing fairly steadily since 2006. Branches of banks across the world are closing down as customers make the switch to mobile banking. Major global businesses like Microsoft are touting the benefits of ‘hybrid’ working, which combines remote working with a traditional centralized workplace.
The Arkose report highlights the same trend, echoed in the popularity of meal-delivery services like DoorDash, GrubHub and UberEats. Credit card data from research firm Second Measure reveals a 70% year-on-year increase in spending on these services, recorded in March 2020.
The established online names have been among the chief beneficiaries of this shift. During the early months of the pandemic, Amazon’s share price rose by around 50%, and it’s remained buoyant since then. Other companies, like Zoom, have risen from obscurity. The videoconferencing platform was trading at around $70 at the start of 2020, and peaked at $560 later that same year. Netflix, meanwhile, added sixteen million subscribers over the first quarter of 2020, doubling an earlier projection.
Ease of Payment
Partly as a consequence of the Internet’s ubiquity, online payments are now ingrained in every aspect of our daily lives, allowing consumers to spend their money with ease. This is by design. When Amazon secured a patent for its game-changing ‘one-click’ ordering system, the company removed a barrier to purchase, and thereby gave itself a considerable competitive advantage. This is a trend that’s continued right up to the present day; the fewer stages you have to go through on the way to a purchase, the more likely you are to make that purchase.
Older methods of preventing fraud, like static passwords, have struggled to keep pace with this technological shift. Getting a transaction done quickly usually means storing personal credentials where they can be easily retrieved – not only by legitimate actors, but also by fraudsters.
And consumers are unwilling to surrender this convenience for the sake of security. Thus, banks and financial institutions have needed to develop ever more sophisticated means of deterring fraudsters while still providing frictionless commerce. Since online fraud isn’t just a problem for consumers, but for retailers and financial institutions as well, the need for new security innovations has never been more pressing.
So, what’s the solution?
The solutions to this problem are many and multifaceted. Some are technological. Two-factor authentication, for example, provides a means by which users can identify themselves using something they know (their password), as well as something they own (their mobile phone). Throw in fingerprint scanners and facial-recognition software, and you have an impressive, though not insurmountable, obstacle for malicious third parties.
There are also regulatory steps being taken to combat the problem. In 2015, the European Union ratified the second incarnation of the Payment Services Directive – PSD2. Being a directive rather than a regulation, this collection of measures had to be implemented by member states. Despite Brexit, it’s also coming to the UK, after the Financial Conduct Authority (FCA) set an implementation deadline of March 14th, 2022.
The directive mandates the use of Strong Customer Authentication (SCA) measures in order to bring every online transaction into compliance with the 3D-Secure protocol. However, the more stringent security requirements come with a more flexible approach to conducting online payments: the second iteration of the protocol (3DS V.2) introduces an exemption mechanism for low-risk transactions in order to improve the customer experience and payment approval rates.
It is hoped that this new raft of rules will improve cardholder protection while bolstering competition among issuer banks and non-banking financial institutions. It will follow a blueprint set out by the General Data Protection Regulation, and its effects could be just as far-reaching.
DECTA has the answer
DECTA is a global processing company with a particular focus on providing technical payment processing solutions. A recent addition to our services is a full-range 3D-Secure authentication solution for Issuers, with an out-of-band authentication flow and biometric authentication support.
The new solution boasts a number of powerful modules and APIs, and is geared to support a wide range of licensed payment businesses. The core benefits it provides include compliance with the latest payment standards and regulations, more effective fraud prevention, and improved customer experience.
Since 3DS requires a separate license and a dedicated technology stack to run, many issuers are missing this functionality. To address this, DECTA offers a certified ACS module and delivers four different implementation scenarios, depending on the Issuer’s company structure and their current technological capacity:
1. Full card Issuing service package with 3D-Secure implementation;
2. 3D-Secure authentication app with enrollment API support, suitable for Issuers with an existing scoring API and card management system;
3. 3D-Secure authentication app without Enrollment API, recommended for Issuers that do not have a scoring system of their own;
4. Dedicated ACS services for existing authentication solutions.
Santa Kirsbauma, Board Member, Product Offering from DECTA, said: “Online fraud is becoming more and more advanced. Thus, we need to ensure that we keep up with the fraudsters. Currently, we have out-of-band and biometry, which are among the most secure ways to check 3DS.”