One of last year's most anticipated advances in fraud management was the final release of EMVCo's 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.
In e-commerce and mobile commerce the problem of false declines is significant, especially during the holidays. Issuers decline transactions that online merchants approve. And vice versa. In other words, the necessary process of sorting out fraud from good transactions catches good transactions with the bad. This poor decision making means merchants lose the sale and the issuer its transaction fees.
Digital identity is the black hole of the internet. Our online lives simply aren't protected by a system without strong authentication. Killing the password is Mission One for security professionals because they're so readily stolen through phishing attacks and malware. Users, warned to make passwords complex and unique, have no hope of remembering them. And a password is simply one factor of secure authentication. Biometrics and data, when used in combination, can relieve password fatigue and, for the relying party, increase security substantially, bringing some light to that dark place on the internet.
Chargebacks are one of the card system's great consumer benefits. If fraud happens, the merchant doesn't deliver on what was promised, or you're charged six times for something you bought just once, the chargeback mechanism returns your money or restores your credit. What's not to like? Well, if you're a merchant, a lot. While there are plenty of legitimate chargebacks, there are also consumers who take advantage of the system through "friendly fraud," the "I didn't do it" chargeback category abused by all too many.
The 3D Secure protocols, one for each network, that connect ecommerce merchants to the cardholder’s issuer, has had a rough go. But after ten years, smarter application of the tool and, in particular, risk-based usage makes it more attractive to both issuers and merchants.
We all know EMV is coming to the U.S and that it will take years to build a complete EMV security perimeter. But the work starts with issuers sending out chip cards to their customers. Take a listen to this conversation with Chase’s Dina DeMerell, Director, Card Services Chip Security, to hear how Chase is deploying EMV credit, debit, prepaid and co-branded card products. She wasn’t kidding about their accelerated push of credit cards to frequent transactors. I received my new EMV United co-branded card the day after we spoke - and it wasn't special treatment.
Decisions about point of sale transactions are largely made using card data alone but in e-commerce the merchant has to use a rich mix of data sources to manage fraud. The merchant is, after all, liable for both the transaction as well as the goods or services lost due to fraud.
EMV and its moving parts presents a far more complex payments method for merchants, ISVs, payment processors, and financial institutions than the good old magstripe. It continues to have ramifications throughout the payments ecosystem.
Realtime, consumer-facing authorization of card payment transactions has been available for some time but few of us have it offered to us by our issuers. Today, there's a number of technology providers selling truly realtime notifications and two-way approval requests based on the live authorization stream.
