Multilayered Authentication Best Practices for CNP Merchants After the EMV Migration
By Manav Gupta
Less than a quarter of 48 national retailers surveyed recently said they have implemented EMV technology. While the migration has turned out to be a marathon rather than a sprint, the impacts have been seen fairly quickly. As 2016 progresses, more CP (card-present) merchants will integrate card-chip compatible terminals into their POS (point-of-sale) systems. Although complete migration is expected to take up to seven years, CNP (card-not-present) merchants will struggle with increased fraud as criminals shift online to more vulnerable remote payments.
Multilayered authentication is critical for preventing card-not-present (CNP) fraud. A layered approach enables merchants to safeguard payments at all levels. Combined with the industry best practices outlined below, merchants can offset the detrimental impacts of EMV on CNP payments and fraud.
Authentication is a way for merchants to validate both the legitimacy of the card itself as well as the identify of the person attempting to use it to make a purchase. Authentication is a top priority in the fight against CNP fraud because the merchant cannot view the actual credit card. There are a variety of ways to authenticate CNP payments:
* Device authentication – confirms a certain device has been used for the transaction
* One-time password (OTP) – a password that can only be used once and is often time-sensitive
* Randomized PIN pad – allows consumers to enter a PIN and use a debit-enabled debit or credit card
* Biometric factors – a process that validates a consumer from a mobile device using tools such as facial recognition, voice recognition or fingerprint scanners
Experts advise online companies to use a combination of at least two authentication methods. This approach will insulate merchants against CNP fraud more effectively.
"A layered approach to security is essential in the online and mobile environment since fraudsters have proven quite adept at compromising any single point solution," said Julie Conroy, Research Director with Aite Group, a firm with a focus on technology and its effects on the financial services industry.
Proprietary and transactional data assist with risk management and fraud prevention. Merchants, issuers and acquirers own proprietary data, which consists of lists of high-risk credit cards, email addresses, IP addresses and other similar information. Transactional data is information collected at the time of payment such as name and shipping address.
Address Verification Services (AVS)
Credit card companies and issuing banks provide Address Verification Services (AVS) to merchants in order to check submitted billing addresses. This is usually done during the authorization process on the credit card. Merchants will receive one of six codes from their payment processor to indicate what areas matched. AVS is very useful as part of a risk solution. Information provided through AVS can indicate whether a transaction is authentic or fraudulent.
3-D Secure (3DS)
Currently, this tool is a secure communication protocol that offers real-time cardholder authentication straight from the issuer during an online transaction. Payment networks have created products to enhance this method of fraud detection. This authentication technology is similar to the "chip-and-PIN" approach. It asks consumers to enter a unique PIN to authenticate the cardholder's identity at the time of purchase. 3DS is beneficial to merchants because it can help reduce fraud, particularly when it's used with other risk management tools.
This method is designed to replace card values with different values called tokens. They are unusable by any outsiders. Also, only specific merchants or channels have access. One of the most important aspects of this approach is that merchants never have to store sensitive data and don't need to alter how payments are accepted or authorized. Tokenization is an important fraud tool for merchants because the data remains secure. Plus, since the token includes the last four digits of the credit card, it can be verified easily.
| Small Business Newz is an iEntry, Inc. ® publication - 1998-2016 All Rights Reserved
iEntry, Inc. 851 Corporate Drive, Lexington, KY 40503
| --This email is a service of SmallBusinessNewz--
To Be Taken Off This Mailing, Visit This Page.
For other support inquiries go here.