Online fraud has increased dramatically over the past decade. Over the years, card schemes have invested millions to reduce the impact of online fraud, implementing additional security mechanisms such as CVC codes and 3-D Secure, and extensive risk scoring systems. Fraud, and fighting it, have become industries of their own. At the beginning of 2013 the European Forum on the Security of Retail Payments (SecuRe Pay Forum) published a set of Internet security recommendations, with support from the ECB (European Central Bank). Together with Innopay, we have written a report to share our interpretation of these recommendations, with a series of additional attention points from our side. We are excited to present the white paper ‘TACKLING INTERNET PAYMENT SECURITY – Insight into the SecuRe Pay Forum Recommendations’.
We put great effort in gathering the most interesting observations and analysis of these recommendations. While this paper is focused on the SecuRe Pay recommendations, it takes a wider approach. We distributed a survey about the SecuRe Pay Forum’s recommendations amongst experts, to gather different industry views. The results of this survey can be found in Annex B and are referred to throughout this paper. In the video below, Mark Baaijens from Innopay will explain more about the topics and the conclusions explored in the report.
The scope of the ECB publication is limited to browser-initiated payments and spans different types of Internet payments including cards, credit transfer, e-mandate and e-money based payments. The SecuRe Pay Forum and ECB recommendations include 14 recommendations, 56 key considerations and 12 best practices, spread over the three basic elements for securing Internet payments: 1) risk management, 2) strong authentication, and 3) consumer education. The recommendations should be implemented by the industry by February 2015.
As ecommerce is growing on a global scale, with it grows concern about Internet payment fraud. These concerns are significantly damaging the prosperity of online commerce. We (Payvision and Innopay) are committed in contributing to initiatives that reduce payment fraud while preserving innovation and a global level playing field (as e-commerce is a borderless environment which should not be addressed with a local or regional approach). This report provides useful insights for professionals in the online payments industry including banks, policy makers, payment scheme operators, merchants, acquirers and payment service providers.
In line with the above, I made a presentation on the subject at EPCA 2014 where I made an overview on how the Recommendations might impact the payments business. And on top of that overall analysis about the whole piece, I made a deeper review of Strong Customer Authentication, as the one recommendation that, in my opinion, might act as a real game changer for the payments arena. And, to end with, I provided the audience with some pieces of advice on how to manage the regulatory risks in order to move towards the right direction, striking a balance between efficiency & growth on the one hand, and safety on the other one.
Download your free copy of the report: Tackling Internet Payment Security.