How to secure the online shopping process

    With the widespread use of EMV-standard bank cards, the risk of offline fraud has declined markedly, but what about online fraud? What measures can shops, banks and consumers take to deal with it more effectively?

    For American retailers, Black Friday has long been one of the busiest trading days of the year. Coming on the first Friday after Thanksgiving, it marks the beginning of the Christmas sales season, when retailers compete relentlessly, offering customers huge discounts and numerous promotional offers. According to the National Retail Federation, around 150 million Americans made purchases during Black Friday 2015, with an average check of $300.

    Over the past few years, Black Friday has noticeably changed, reflecting changes in consumer habits and preferences. Just as during the rest of the year, customers on this day increasingly prefer to make purchases not in traditional stores, but via the Internet. According to Adobe Digital Research, this time the share of online purchases in the total number of purchases increased by 14% compared to Black Friday of the previous year, while a decrease in the number of purchases in offline stores was recorded.

    In addition, Black Friday has become a global event, which is also due to the development and widespread penetration of online trading. From London to Sydney, from South Africa to Siberia, more and more shops offer special promotions dedicated to Black Friday.

    Unfortunately, this trend is popular not only with buyers: fraudsters are also moving online, drawn both by high online trading volumes and by the high efficiency of the mechanisms that combat fraud in offline transactions.

    The year 2015 will go down in the history of digital technologies as the year when, in order to counter the physical cloning of bank cards, the USA finally adopted the EMV standard, which provides for the simultaneous use of a chip and a PIN code. This standard is widely used all over the world and is an effective way to counter bank card fraud in transactions where the card holder is present. According to the UK Card Association, thanks to the introduction of EMV, the amount of damage from fraudulent transactions decreased from 505 million pounds in 2004 to 340 million pounds in 2011.

    However, now that the introduction of EMV has sharply reduced the number of fraudulent transactions made in the presence of the card holder, cybercriminals have moved online, and the number of fraudulent transactions made in the absence of the card holder (“card-not-present”, CNP) has increased. The amount of damage from bank card fraud in the UK has grown again and now stands at 479 million pounds, with half of this amount accounted for by CNP transactions.

    Ecommerce Security

    As e-commerce grows, one question comes up more and more often: how can retailers make online transactions as secure and verifiable as transactions using a chip and PIN verification in offline supermarkets?

    The good news is that there are already many solutions on the market that verify the authenticity of the buyer and the accuracy of the payment details, and also ensure that the retailer is indeed the real and responsible recipient of the buyer’s data.

    Two-factor authentication (2FA) is one of the most common tools for preventing online fraud. It can be implemented in a wide variety of forms, from Apple Pay biometric sensors and data encryption using smartphones to SnapScan technology based on QR codes, which is used, for example, by Standard Bank in the Republic of South Africa, where the user must have a verified phone equipped with a camera in order to process a payment transaction.

    Meanwhile, the Mexican bank BBVA Bancomer offers its customers EMV-standard bank cards equipped with a new type of CSV code (the three-digit “security code” found on the back of most payment cards) for confirming CNP payments. Instead of a static security code, these cards use Dynamic Code Verification (DCV). A new verification code is generated every 20 minutes and is shown to the card holder either on a small screen built into the card or in an application installed on the phone.

    Thus, even if bank card data is stolen in a leak, without the current DCV code required for two-factor authentication the remaining details of the payment card are practically useless to the attacker.
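
    The issuer-side check behind such a dynamic code can be sketched as follows. This is an added example, not BBVA Bancomer's or any vendor's implementation: the page does not describe the DCV algorithm, so the TOTP-style HMAC derivation, the per-card key, the one-window clock tolerance and the three-failure lockout (names `dcv_code`, `issuer_verify`, `CardAccount`) are all assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 20 * 60  # the page's 20-minute refresh interval
DIGITS = 3              # same length as the static security code

def dcv_code(card_key: bytes, unix_time: int) -> str:
    """Code for the 20-minute window containing unix_time (assumed TOTP-style)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(card_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def issuer_verify(card_key: bytes, submitted: str, unix_time: int, drift: int = 1) -> bool:
    """Accept the current window plus `drift` neighbours (assumed clock tolerance)."""
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for delta in range(-drift, drift + 1):
        expected = dcv_code(card_key, unix_time + delta * STEP_SECONDS)
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok

class CardAccount:
    """Hypothetical issuer record: three digits allow only 1000 values,
    so failed attempts must be counted and the card locked."""
    MAX_FAILURES = 3

    def __init__(self, card_key: bytes):
        self.card_key = card_key
        self.failures = 0

    def authorize(self, submitted: str, unix_time: int) -> bool:
        if self.failures >= self.MAX_FAILURES:
            return False  # locked until the issuer resets it out of band
        if issuer_verify(self.card_key, submitted, unix_time):
            self.failures = 0
            return True
        self.failures += 1
        return False

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    now = 1_448_600_000     # constructed timestamp
    print(dcv_code(key, now), CardAccount(key).authorize(dcv_code(key, now), now))
```

    The merchant's checkout form is unchanged in this model: the three digits travel in the same field as a static code, and only the issuer's comparison differs.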

    The challenge facing retailers

    The European Union is pushing for two-factor authentication for all online transactions. According to recommendations published by the European Banking Authority in 2013, payment service providers should explore and implement two-factor authentication tools in advance, even before the adoption of the new Payment Services Directive, which will be signed and will enter into force over the next two years, and most likely will require service providers to offer two-factor authentication to all of their customers.

    However, for retailers, the main task remains to ensure convenience for their customers: according to a 2015 survey by the Baymard Institute, in about 68% of cases buyers never complete the order. The slightest obstacle or inconvenience at the payment stage (for example, the need to use an additional authentication token) increases the likelihood that they will change their mind and not make a purchase.

    Here, systems such as DCV can be a significant advantage. Nothing visibly changes for either the buyer or the seller: during the payment process, the buyer still enters his bank card details, just as with any other system the seller may currently have installed. The only difference is that the card issuer will have to authenticate the transaction using DCV in a slightly different way than when checking the CSV code.

    Such an innovation can fundamentally change the security situation in the e-commerce industry. And if it achieves the same effect against online fraud as the introduction of the EMV standard had on offline threats, then the next Black Friday will be not only the largest sale of all time, but also the safest.

    3 tips to make online trading safer

    1. Use strong authentication.
      Implement strong authentication mechanisms: they will help to gain the trust of your customers. Use encryption not only to protect payment processes: by making SSL (Secure Sockets Layer) on your site mandatory for all browsers, you can quickly find out about any phishing attacks made by fake sites using fake security certificates.
    2. Keep your checkout and payment processes safe.
      Protect your customers' billing information by implementing secure checkout processes. A prerequisite is working with a reliable and reputable payment system that supports two-factor authentication.
    3. Protect your sites from DNS attacks.
      In 2012, the Syrian Electronic Army hacked into the New York Times, Twitter and Huffington Post sites by modifying DNS records and redirecting user traffic. To protect against such attacks, make sure your site meets the requirements of DNSSEC standards.
