With EMV-standard bank cards now ubiquitous, the risk of offline fraud has noticeably decreased, but where does that leave online fraud? What measures can shops, banks and consumers take to fight it more effectively? For American retailers, Black Friday has long been one of the busiest trading days of the year. Falling on the first Friday after Thanksgiving, it marks the beginning of the Christmas sales season, when retailers compete fiercely, offering customers huge discounts and numerous promotions. According to the National Retail Federation, about 150 million Americans made purchases during Black Friday 2015, with an average purchase of $300.
Over the past few years, Black Friday has changed noticeably, reflecting shifts in consumer habits and preferences. As during the rest of the year, buyers on this day increasingly prefer to shop online rather than in traditional stores. According to Adobe Digital Research, this time the share of online purchases in the total number of purchases increased by 14% compared to the previous Black Friday, while the number of purchases in offline stores decreased.
In addition, Black Friday has begun to take on a global character, which is also due to the development and widespread penetration of online trading. From London to Sydney, from South Africa to Siberia, it is increasingly common to find stores offering special Black Friday promotions.
Unfortunately, this trend is popular not only with buyers: fraudsters are also actively moving online, drawn both by the high turnover of online commerce and by the effectiveness of anti-fraud mechanisms in offline transactions.
The year 2015 will go down in the history of digital technology as the year when the United States adopted the EMV standard, which counters the physical cloning of bank cards by requiring both a chip and a PIN code. This standard is widely used throughout the world and is an effective way to counter bank card fraud when the cardholder is present. According to the UK Card Association, thanks to the introduction of EMV, losses from fraudulent transactions decreased from 505 million pounds sterling in 2004 to 340 million pounds sterling in 2011.
However, now that the introduction of EMV has drastically reduced the number of fraudulent card-present transactions, attackers have begun to actively move online, and the number of fraudulent "card-not-present" (CNP) transactions has increased. Losses from bank card fraud in the UK have grown again and now amount to 479 million pounds, with half of this amount accounted for by CNP transactions.
E-commerce security
As e-commerce grows, the question of how retailers can make online transactions as safe and controllable as chip-and-PIN transactions in offline supermarkets is becoming more and more acute.
The good news is that there are already many solutions on the market that verify the buyer's identity and the accuracy of the payment details, and also ensure that the retailer is indeed the genuine and responsible recipient of the customer's data.
Two-factor authentication (2FA) is one of the most common tools for preventing online fraud. It can be implemented in a variety of ways, from Apple Pay, with its biometric sensors and data encryption on the smartphone, to SnapScan, a QR-code-based technology used, for example, by Standard Bank in the Republic of South Africa, where processing a payment transaction requires the user to have a verified phone equipped with a camera.
Meanwhile, the Mexican bank BBVA Bancomer offers its customers EMV bank cards with a new type of CSV code, the three-digit "security code" found on the back of most payment cards and used to confirm CNP payments. Instead of a static security code, these cards use Dynamic Code Verification (DCV): every 20 minutes a new verification code is generated, which is shown to the cardholder either on a small screen embedded in the card or in an application installed on the phone.
Thus, even if bank card data is stolen in a leak, without the current DCV code required for two-factor authentication the remaining payment card details are virtually useless to an attacker.
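The article does not say how DCV codes are derived, so the following added example (not BBVA Bancomer's or any vendor's code) assumes an HMAC construction in the style of RFC 4226/6238 to show the issuer-side check: a three-digit code bound to a 20-minute window, so a code leaked with the card data stops verifying once its window has passed. The key, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 20 * 60  # the article states a new code every 20 minutes
DIGITS = 3              # same length as the static code it replaces
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
T0 = 1_450_000_800      # constructed timestamp, start of a 20-minute window


def dynamic_code(card_key: bytes, unix_time: int) -> str:
    """Code for the 20-minute window containing unix_time (assumed scheme)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(card_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def issuer_verify(card_key: bytes, submitted: str, unix_time: int,
                  drift_windows: int = 1) -> bool:
    """Issuer side: accept the current window plus a bounded number of earlier
    ones (the card's clock may lag), comparing in constant time."""
    ok = False
    for back in range(drift_windows + 1):
        expected = dynamic_code(card_key, unix_time - back * STEP_SECONDS)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


def stale_acceptances(card_key: bytes, start: int, windows: int, age: int) -> int:
    """How many codes captured `age` windows earlier still verify, measured
    over `windows` consecutive windows (a leaked code being replayed later)."""
    return sum(
        issuer_verify(card_key, dynamic_code(card_key, t - age * STEP_SECONDS), t)
        for t in range(start, start + windows * STEP_SECONDS, STEP_SECONDS)
    )


if __name__ == "__main__":
    code = dynamic_code(CARD_KEY, T0)
    print("code shown to cardholder:", code)
    print("same window:", issuer_verify(CARD_KEY, code, T0 + 600))
    print("stale codes accepted in 500 windows:", stale_acceptances(CARD_KEY, T0, 500, 5))
```

Because the code has only three digits, a stale or guessed value still matches by chance about once in a thousand tries per accepted window, so an issuer using a scheme like this also needs to limit failed attempts per card.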
The challenge for retailers
The European Union insists on the introduction of mandatory two-factor authentication for all online transactions. According to recommendations issued by the European Banking Authority in 2013, payment service providers should explore and implement two-factor authentication tools in advance, even before the new Payment Services Directive is adopted; the directive will be signed and enter into force over the next two years, and will most likely require service providers to offer two-factor authentication to all their customers.
However, for retailers, the main task is still customer convenience: according to a 2015 Baymard Institute survey, in approximately 68% of cases buyers never complete an order. The slightest obstacle or inconvenience at the payment stage (for example, the need to use an additional authentication token) increases the likelihood that they will change their mind and not make a purchase.
In this case, systems such as DCV can be a significant advantage. There are no visible changes for either the buyer or the seller: during payment, the buyer still enters bank card data exactly as with any other system the seller may currently have installed. The only difference is that the card issuer has to authenticate the transaction using DCV slightly differently from how it checks a CSV code.
Such an innovation can radically change the security situation in e-commerce. And if it has the same effect on online fraud as the introduction of the EMV standard had on offline threats, then the next Black Friday will be not only the largest sale of all time but also the safest.
3 tips on how to make online trading more secure
Use strong authentication. Implement strong authentication mechanisms; they will help you gain the trust of your customers. Use encryption for more than just payment processes: by making SSL (Secure Sockets Layer) mandatory on your site for all browsers, you will be able to find out as quickly as possible about any phishing attacks by fake sites using forged security certificates.
Keep your checkout and payment processes safe. Protect your customers' billing information by implementing secure order processes. A prerequisite is to work with a reliable and reputable payment system that supports two-factor authentication.
Protect your sites from DNS attacks. In 2012, the Syrian Electronic Army hacked the sites of the New York Times, Twitter and Huffington Post by changing their DNS records and thereby redirecting user traffic. To protect against such attacks, make sure your site complies with the DNSSEC standards.