Staying one step ahead
According to figures from the UK Card Association, remote purchase fraud using debit and credit cards reached £174.5m in the first half of 2014, a year-on-year increase of 23%[1]. So what do merchants need to be aware of and how can they and the card payments industry guard against online fraud? We spoke to Steven Bisoffi, Senior Manager Card Schemes & Regulation, Lloyds Bank Commercial Card & Acquiring Solutions to find out more.
“The dominant factor giving rise to an increase in online card payment fraud is a result of more stringent security surrounding face-to-face card transactions,” Steven explained. “It’s also an outcome of the sheer increase in e-Payments we see today. With annual growth in overall payment card spending of 7% in 2014, that’s a trend that looks set to continue[2].”
So how can the industry respond? “More training for people generally on how to shop or make online payments safely and securely would be a good starting point,” said Steven. “For merchants looking to start taking online payments, their first step should be to speak to their card acquirer to understand the mandatory rules in place for taking card payments across the internet and what else they can do to make sure their card transactions are secure.
This could encompass putting in place additional checks or understanding whether there are any further products or services that can be offered to help prevent fraud or cyber-crime. For their part, the acquirer will need to ensure that the merchant is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), which will help to prevent the theft of data.
Staying one step ahead
Industry regulators are working hard to keep pace with technology and stay one step ahead of cyber-criminals. Complying with the PCI DSS requirements currently in place helps to prevent security breaches which potentially lead to identity theft. The European Central Bank has also published its ‘Recommendations for the Security of Internet Payments’, which are designed to:
- Protect the initiation of internet payments, as well as access to sensitive payment data, by improving customer authentication.
- Limit the number of log-in or authentication attempts; define rules for internet payment service session ‘time out’ and set time limits for the validity of authentication.
- Establish transaction monitoring mechanisms designed to prevent, detect and block fraudulent payment transactions.
- Implement multiple layers of security defences in order to mitigate identified risks.
- Provide assistance and guidance to customers about best online security practices, set up alerts and provide tools to help customers monitor transactions[3].
Evolving fraud prevention
Financial institutions also continue to develop solutions to protect themselves and their customers from fraud, as Steven pointed out. “Over the last 20 years financial institutions have led a number of initiatives. Chip and PIN, for example, not only reduces face-to-face fraud, but makes card cloning from online access to data difficult. Promotion of schemes such as Verified by Visa and 3D Secure, as well as enforcement of the PCI DSS regulations, are helping to tackle fraud.
“At Cardnet we work with other major card acquirers, card issuers, international card schemes and merchants of all sizes to ensure compliance with mandatory rules and regulations, and we offer ongoing guidance and support to our customers to help combat fraud. As cyber-crime becomes more sophisticated, our solutions to fight it will continue to evolve.”