One of the few regions of the world still relying on magnetic stripe technologies, there’s real pressure on the US to join the likes of Canada, the UK and the rest of Europe to adopt the more secure EMV (or Chip and PIN) technology to help combat rising levels of customer fraud.
EMV was specifically designed in the 1990s as a point-of-sale (POS) solution that provided very strong authentication. Today, with so many people using the Internet to purchase goods and services, it’s important that financial services firms and merchants take steps to protect online consumers. Let’s look at what’s currently happening:
3D Secure Controls. These payment security systems, such as Verified by Visa and MasterCard’s Secure Code, provide an added level of protection for ecommerce transactions. When a consumer makes a transaction online, they’re essentially redirected to the card issuer’s website. The consumer will then, typically, enter a password to authenticate the transaction. Although these schemes have had some success in addressing ecommerce fraud, they rely on cardholders registering their password with the issuing bank. This is often optional and, as a result, is frequently bypassed.
Digital Wallets. Cardholders’ lack of confidence in handing over their card details to online retailers, combined with the difficulties faced by small online retailers to get a merchant account, paved the way for PayPal to provide its digital wallet solution. A range of similar offerings soon followed, including the Google Wallet that still only works on Sprint Nexus S 4G phones.
In the last month, Visa has announced the launch of V.me in early 2012. The V.me product will be loaded from a Visa card, MasterCard or bank account and will allow consumers to make purchases without entering their card details. Instead, the cardholder will make a payment by entering a user name and password. In time, we could even see these solutions moving to POS transactions, providing an alternative to Chip and PIN.
PIN Pads and Card Readers. Many European retail banks are now using Chip and PIN over the web to authenticate internet banking transactions. Consumers are issued a small battery-powered PIN pad when they sign up for online banking. When making checking account payments or transfers, consumers must enter their card and confirm their PIN. The PIN pad unit then displays a response code that is keyed into the internet banking site, which validates that the PIN has been entered correctly. The internet banking site issues a code that the cardholder enters into the PIN pad. The PIN pad then generates a response code and the cardholder then keys this code into the internet banking site to validate the payment.
Taking this a step further, Visa—working alongside Secure Key—announced a series of Canadian EMV ecommerce trials earlier this year. As part of the trial, consumers are given a small card reader that plugs into a USB slot on a PC or laptop. The reader establishes a secure connection directly with Visa. As well as authenticating the payment, this solution automatically fills the payment screen with the cardholder’s data using information held on file with Visa.
Could this be the future of ecommerce? It’s perhaps too early to say, but it certainly has potential and will be an interesting one to watch. The cost of card readers is falling dramatically, and they’re becoming small enough and light enough to fit in a wallet. Consequently, we could soon be in a place where ecommerce transactions have the same level of security as EMV point-of-sale transactions.
For now, I suggest online retailers continue to use 3D Secure, backed up by fraud control solutions to authenticate cardholders and limit fraud losses. Looking to the future, innovations based on using EMV Chip and PIN technology over the Internet, coupled with the roll out of EMV cards across the US, could provide a step change in the effective control of fraud for online payments.
John Rozek has over 16 years of experience working at the forefront of the payments industry, and led the team that introduced Chip and PIN to over 120,000 points of sale across the United Kingdom. John was one of the founding members of Polar Moment, a leading provider of business and technical consultancy to the payment industry.