Reducing fraud in transactions without a physical card

Payment transactions in which a physical card is not presented, for example via phone or Internet, are convenient and popular – but also a major target for fraud attacks.

The EMV Migration Forum is a cross-industry body created by the Smart Card Alliance in 2012 for stakeholders to address topics that require industry cooperation and coordination for a successful migration to EMV technology in the United States. It has tackled the challenge posed by Card-Not-Present (CNP) channels. Morpho and the other members of the Card-Not-Present Fraud Working Committee came together to provide an overview of the solutions to reduce fraud in the CNP channels. An optimal solution is one that adds security and limits hassle in the user experience.

The committee took a close look at authentication methods, anti-fraud tools, 3-D Secure and tokenization*. All methods and tools were analyzed from the perspective of customers, merchants, acquirers and issuers. "Our goal was to provide information with which merchants, card issuers and acquirers can construct security solutions in order to strengthen their systems against various vulnerabilities and better protect systems from attacks and fraud," explained Fernando Ulbrich, Pre-Sales Manager for Mobile Payment & Biometrics Solutions, Technical Consultant Manager for EMV at Morpho and member of the EMV Migration Forum. "Our finding is that no single security mechanism can protect against all possible fraud scenarios. Instead, the best practice to protect against Card-Not-Present fraud is to use a systematic, multi-layered approach using tools that work together to create a successful fraud reduction program."

Biometric authentication methods can play an integral part in reducing Card-Not-Present fraud since they add an additional layer of security with limited hassle for the user. In some cases the authentication process can become even easier and more secure than the current username and password form. "Based on our experience, we recommend the use of biometrics for mobile authentication. For example, we have developed algorithms that can be embedded in mobile applications for payment and authentication via face recognition with live detection. The user experience is great – all you need to do is hold the phone up to your face, and in less than a second you are authenticated."

All findings of the working committee and a detailed guide for merchants, issuers and acquirers to construct solutions to strengthen their systems can be found in the official White Paper "Near-Term Solutions to Address the Growing Threat of Card-Not-Present Fraud".

For more information about using biometrics to fight fraud please contact us.

* Authentication methods: device authentication, one-time passwords, randomized PIN pads, and biometrics. Anti-Fraud tools: proprietary data and transactional data used for fraud analysis and risk management and validation services. 3-D Secure: messaging protocol that enables real-time cardholder authentication during an online transaction. Tokenization: technique which replaces card data with surrogate values (i.e. "tokens") that are unusable by outsiders and have no value outside of a specific merchant or acceptance channel.