payments - Retail Systems

Recommendations

Info

RS supplement CNP fraud 26 RS June - July 2012 Reversing trends More than half of all fraud cases involve card not present (CNP) transactions, but recent figures reveal that improvements are reversing an upward trend and providing more protection and security for both customers and merchants. Wayne Tuckfield investigates Every year, millions of shoppers make purchases without their card being swiped or using chip and PIN, whether that is through the internet, over the telephone or by mail order – with internet sales particularly seeing massive growth over the last decade. These Card Not Present (CNP) purchases are obviously vital to the retail sector, but the fact neither the card nor the cardholder are there when the payment goes through exposes a clear fraud risk. More than half of all fraud cases involve CNP transactions, but recent figures reveal that improvements are reversing an upward trend and providing more protection and security for both customers and merchants. According to financialfraudaction.org,uk CNP fraud peaked in 2008 at a massive £328.4 million, but since then we have seen year-on-year decreases down to £220.9m. But what is driving this improvement, and what can be done to make sure that trend continues into the future? The secret of the success in recent years, according to Nick Mothershaw, UK and Ireland director of ID and fraud for Experian, is more robust processes for detecting fraud before it happens. “Detection processes are getting more and more successful all the time so the number of frauds going through is reduced. 3D Secure, like MasterCard Secure and Verified by Visa, is being used more and that’s helping prevent fraud. “The system we offer, for example, looks for repeated patterns of use. Transactions can be allowed through and stored away, aimed at getting as many good transactions through as possible – and if there are any problems we can refer it to the merchant.” However, it’s not all good news for retailers, as some customers grow frustrated by ever more complex security devices and often scrap their purchases before they complete. Complex security “The abandonment rates are quite shocking,” Mothershaw adds. “So much revenue is lost because people don’t carry on after a bad experience. They get asked for their address, long card numbers, CVV codes, 3D Secure codes and passwords, which all slow them down and often they just stop. “We are working on establishing someone’s ID and putting that on their mobile phone. Then if you want to continue you just have to give your credentials. We send a code to your device and that code is entered into the website. It’s quick and easy, but it might take three to five years to roll-out because there are standards to meet.” Ian Harmon, product marketing manager at Thales e-Security, backs up the point that customers must find purchases simple. “Retailers are faced with a dilemma when it comes to online security and fraud. It’s very expensive to upgrade systems and consumers don’t like these measures as they impact convenience. Consequently, many merchants prefer to risk losses from CNP fraud rather than invest in improved security.
“A more convenient token based on a mobile phone is how the market is likely to evolve which will at least start addressing the customer inconvenience problem. Let’s face it, the average person these days doesn’t leave the house without their chosen mobile device, and therefore will always have one available to provide authentication.” This mix of security and convenience is vital to keeping your customers both happy and protected, adds Sascha Breite, managing director of SIX Payment Services. “It is very important to show customers that you have a secure website – showing that you have authentication and also a security certificate. These things are easy to achieve but must be done. “The more convenient your system is, the better – and that is why mobile devices will be so important. In Germany for example, 80 per cent of the market is using smartphones so your applications should be shaped to separate devices. “Offering one-click payment like Amazon is important too. Merchants can store customer details to save them entering them again and again. But for that the customer must trust the merchant.” However, risks go far beyond internet payments, and one of the main areas targeted by the fraudsters is call centres, according to Graham Thompson, sales and marketing director for Semafone. Fraudster targets “Because chip and PIN has eliminated a lot of fraud in shops, and 3D Secure has done the same in e-commerce, there is increased fraud in the mail order telephone industry, where people contact call centres to make fraudulent purchases. “You also have criminal gangs infiltrating centres, working hard to build up to management and then hiring other members, or gangs leaning on call centre workers to get them to pass on details. “There is no authentication process for the cardholder to identify themselves, but we are looking at ways to change that. We want to utilise mobile phones but the challenge is that phones are not yet seen as secure devices themselves, but I’m sure that will come within the next few years.” Investment in new systems and new technology has played an important role towards the reduction of CNP fraud in recent years, but how vital is it to continue that investment in the future? Neira Jones, head of payment security for Barclaycard, believes sophisticated screening tools introduced in recent years have been instrumental. “New technologies, such as those using behavioural real-time session analysis as opposed to traditional transaction analysis, are making great strides to combat CNP fraud. The growth of MasterCard Secure and Verified by Visa has definitely played a major role,” she said. However, she is reluctant to say investment in new technology is needed right now, believing that openness can be every bit as important. CNP fraud supplement “Solving the problem of fraud doesn’t necessarily mean investment in new technology. There is a perception that security is always a technology issue, but I disagree. I have often heard problems with security being tarnished as too expensive, complicated, hindering innovation and something for the ‘techies’ to deal with. Most worryingly, opinions that data breaches ‘won’t happen to me’. It’s only when experiencing a crisis that everyone pays attention and starts pointing the finger. “Conversely, the information security community has also been, in the main, guilty of perpetrating a certain mystique by relishing in the kind of techno-speak business colleagues will never be interested in. Dispelling myths “Therefore it’s vital for everyone within the industry to start talking about security in plain English, to dispel these myths. Security should be an inherent and recognised part of any business at all levels. At the risk of being trite, it’s about people, processes and technology, and sometimes just changing a process can make you more secure.” So while things are improving, the fraudsters are always looking for new methods of infiltrating security – so what about the future. SIX Payment Service’s Briete adds: “Online merchants will have their security in place by now, but what will be important is to get the trust of cardholders and bring the use of mobile phones together. We will have contactless cards until we get contactless phones. “But we have to be open and make some hard decisions about what technology comes through. It’s 10 years since the start of contactless technology and I now feel something is changing in the market, but that will take another five years.” But with the general view seeming to be that the next huge change will be mobile phone authentication and contactless devices – still a few years away – what methods of payment security are going to bridge that gap to protect customers and take on the criminals? Maria Jose Goncalves, director of the retail market for WeDo Technologies, believes there are already systems in place to help. “Studies have shown that people are using PayPal much more now and new options of payments like mobile phones have to be looked at. There have been so many stories of credit card abuses that people are using other types of payment. Of course there is always a risk, but they are much smaller when using a service like PayPal, which is controlled and offers a different type of validation.” She adds that the PCI’s Security Standards Code will also have an important job to do going forward. “There needs to be support for the development of more secure systems, and if we are going to start using mobile phones for payments then all stakeholders will have to be involved in that process. If you don’t know how things are working and changing then you cannot control them.” RS June - July 2012 RS 27
Page 1 and 2: Sponsored by awards Celebrating Inn
Page 3 and 4: FIRST CHOICE FOR TECHNOLOGY PURCHAS
Page 5 and 6: RS Editor Karen Moss karen.moss@ret
Page 7 and 8: Standing the test of time A Traditi
Page 9 and 10: Click & Collect elsewhere John Lewi
Page 11 and 12: FOCUS Retail systems multi-channel
Page 13 and 14: challenge against LoveFilm although
Page 15 and 16: Maximise your online revenues by bl
Page 17 and 18: A breathe of fresh air Casio’s ne
Page 19 and 20: Continental style Retail Systems fi
Page 21 and 22: at a glance MAY PayPal’s 15 milli
Page 23 and 24: thoughts from the frontline With th
Page 25 and 26: SBU, Wipro Technologies, says: “W
Page 27: contents 26..... Underlying risk Mo
Page 31 and 32: strategies, says Richard Paterson,
Page 33 and 34: Aqil Nasser, Debenhams’ technical
Page 35 and 36: you’re looking for. So, this is i
Page 37 and 38: environment. Anyone who is a servic
Page 39 and 40: GT: So you’ve got the token, you
Page 41 and 42: soapbox During a time of economic s
Page 43 and 44: While facial recognition technology
Page 45 and 46: type solution within its armoury th
Page 47 and 48: Unpredictable weather patterns are
Page 49 and 50: A subscription to Retail Systems gu
Page 51 and 52: Imagine the scenario - a young fema
Page 53 and 54: Don’t miss out To be kept up-to-d
Page 55 and 56: direct commerce software D I R E C
Page 57 and 58: D I R E C T O R Y O F K E Y P L A Y
Page 59 and 60: D I R E C T O R Y O F K E Y P L A Y
Page 61 and 62: Keith Bird is CEO of e-commerce pla
Page 63 and 64: The Fifth Annual Retail Systems Mul

payments - Retail Systems

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?