The growth of e-commerce has commanded billions of dollars in investments from credit card companies, merchants, banks, and venture capitalists. This future however, has gone relatively unsecured.
Despite usage spikes for e-commerce and especially mobile commerce, no amount of investment has yet corralled e-commerce fraud. The rise of card-not-present transactions has been paralleled by spikes in declined transactions, chargebacks, bot attacks, and fraudulent transactions.
Securing E-Commerce: Competing Technology Crowds the Market details the nature of the current state of e-commerce fraud, the options for securing it in the short and long term, and some scenarios for e-commerce security. The report makes the case that the EMVCo consortium and other potential technology entrants need to plan for a more sensibly sustained roll-out of technologies that consider merchants and banks more formidably in the process of fighting e-commerce fraud.
The gauntlet has been thrown for 2019 for securing e-commerce. While the industry tries to solve e-commerce security issues, in many senses it is getting in its own way. EMVco, which has made strides in card-present fraud, is preparing new technologies for e-commerce.
The most promising of these is 3-D Secure, version 2.0 (3DS2), an upgrade of current authentication technology, which is a significant upgrade over the original protocol 3-D Secure (3DS) from the global card network consortium EMVCo that could impact e-commerce and m-commerce fraud frequency and the negative costs associated with it.
Yet, credit card companies are preparing a more aggressive upgrade called Secure Remote Commerce on its heels. Banks and merchants will have a stake in securing e-commerce, but may be confused by rapid-fire roll-outs from EMVco.
Highlights of the research report include:
- Assessment of current technology. For physical retail, securing payments has been a case study in corporate cooperation and developing technology. Unfortunately, the same cannot be said about e-commerce. For card-present transactions, the EMVCo consortium of six companies (American Express, Discover, JCB, Mastercard, UnionPay, and Visa) has shared technology and expertise to solve a crisis that threatens its future growth: payment fraud. In just over five years, EMVCo has produced dramatic results toward securing card-present payments with its chip and PIN technology. Since launching in October 2015, merchants that have installed the EMV card readers at the point of sale have seen a 75% drop in fraudulent charges, compared to a 46% drop for all U.S. merchants. U.S. market share leader Visa says that 97% of all U.S. payment volume ran through EMV cards during the month of June 2018.
- EMVCo’s efforts toward securing e-commerce. 3-D Secure, the e-commerce security solution introduced by EMVCo is not working. The consortium is preparing an update and overhaul of this technology under tremendous pressure from credit card companies, banks, merchants, acquirers, and processors. For traditional banks and emerging financial technology companies, the stakes are high.
- A review of security solutions. A review of the background that has made tokenization the leading candidate to make a significant impact in e-commerce fraud and a look at the two new technologies that could change the game: W3C and digital identity.
- The Cost of E-Commerce Payments Fraud
- The Need to Improve E-Commerce Security Technology
- 3D Secure (3DS)
- Artificial Intelligence: Truth Detector
- Risk-Based Authentication/Proprietary Analytics
- Password Authentication
- Biometrics and Multifactor Authentication
- The W3C Payment API
- Digital Identity Solutions/Self-Sovereign Identity
- American Express
- Best Innovation Group
- Cardinal Commerce
- Decentralised Identity Foundation
- Federal Reserve Bank of Minneapolis
- First Data Corporation
- Government of British Columbia
- Government of Ontario
- International Airlines Group
- Linux Foundation
- Lloyds Bank
- Mozilla Foundation
- National Institute of Standards and Technology (NIST)
- Royal Credit Union
- Sovrin Foundation
- The World Wide Web Consortium (W3C)