Dr. Thomas Fromherz, Head of Payment and Card Services, Netcetera
Better security and convenience when shopping online using a credit card: customers, retailers, and card issuers alike are reaping the benefits of modern authentication methods using smartphone apps and effective risk analysis.
In online retailing, classic authentication of credit card transactions by entering the card number, CVV, expiry date and name of the cardholder has never really provided adequate protection against fraud. This is why Visa created the 3-D Secure (3DS) protocol back in 1998. Today it is used by every card issuer. 3DS helps prevent fraud by adding a further level of authentication that involves the buyer.
In its simplest incarnation, the cardholder enters a static password they chose upon registering the card. This protection can be defeated relatively easily, though, as scammers know many ways of finding out someone’s password. People also quite often forget their password, which results in many cancelled transactions and requests for information – an irritation to buyers and retailers alike.
Dynamic rather than static
A dynamic password, i.e. a fresh password that is generated with every transaction and sent to the customer via a separate channel, for example by text message, is more convenient and secure. This method, known as mTAN, has completely replaced the static password in many situations. The customer no longer has to memorize anything – they just have to enter the code they receive when checking out. It is even more user-friendly to omit this step, too: the state-of-the-art authentication method uses a mobile app on a smartphone, which displays payment details such as the amount and receiving party for verification by the customer. The transaction can then be authenticated at the click of a button. The app communicates with the authentication server via a secure data channel, separate from the store’s own communications.
Minimise risks, make things easier for customers
The majority of transactions are legitimate – only a small percentage are fraudulent. Using a preliminary risk analysis system, it is even possible to eliminate the authentication on the customer’s side, which makes the process even more user-friendly. This could be used for transactions that match the profile of the customer’s past purchasing behavior, for example. The risk analysis system can also be simultaneously used to spot and block fraudulent transactions. Credit card issuers are increasingly using the services of third parties to manage the authentication process. Netcetera provides access to 3DS infrastructure with modern authentication and risk analysis processes. Its highly secure services are hosted in Switzerland, and can easily be integrated into existing solutions.
This environment meets the high security requirements of Visa and MasterCard and is PCI DSS certified. The 3DS infrastructure is also an important component of SwissWallet, the payment solution recently launched by Netcetera, the Aduno Group, and Swisscard.