Card scheme security initiatives explained
In recent years eCommerce consumer payment volumes have ballooned. Due to consumers' appetite for purchasing a wide range of goods and services online Datamonitor estimates that European consumer online spend i.e. the value of goods and services purchased and paid for online using any payment mechanism, in 2002, amounted to almost EUR40 billion. Yet, despite this impressive growth there is some concern that rising online card fraud is deterring some consumers from transacting online or from doing so as frequently as they would like. The major card schemes such as Visa, MasterCard and Maestro have sought to address this problem by developing security initiatives that make it more difficult to use a credit or debit fraudulently online. Most recently the card schemes have launched Verified by Visa, MasterCard SecureCode and Maestro's eCommerce.
Card not present (CNP) fraud is on the increase
Although it is widely believed that credit cards remain a safe way to purchase goods and services online, it is also recognised that online card fraud is on the increase. For example, Visa USA has revealed that fraud related to eCommerce now accounts for 10 per cent of the fraud it records despite eCommerce accounting for only five per cent of sales volumes. Card not present (CNP) fraud, of which online fraud is a component, is also rapidly increasing in significance. According to Visa EU statistics, CNP fraud now accounts for 23 per cent of total card fraud up from eight per cent in 1997 and 20 per cent in 2000.
Authentication in the online environment is problematic
In an offline environment credit cards can be authenticated at the point of sale. The merchant verifies that the individual making the purchase is also the person to whom the card belongs by checking the signature the cardholder provides with that on the reverse of the card. If the signatures match, and the card is verified, the sale is agreed. In an online environment, and indeed via other channels such as mail order and over the telephone, authentication is more difficult. The merchant is unable to see the card or to verify a signature. This weakness gives rise to CNP fraud since ultimately anybody can provide anybody else's credit card details and assuming the card has not been reported lost or stolen and the funds are available, the sale will be agreed.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.