Online payment fraud and consumer protection in E-commerce

Online payment fraud

A recent report from research company Juniper has found that online payment fraud will cost the E-commerce industry around US$25 billion within the next 5 years. The figure also takes into account the vast development and integration of anti-fraud technologies and systems like SCA (Strong/Secure Customer Authentication), which has been delayed across certain European countries but is now starting to become more commonplace overall.

The research, entitled “Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024”, finds that the growing consumer popularity of E-commerce, together with the ‘card-present’ security that is a consequence of the EMV payment standard, has made the majority of E-commerce sites a prime target for online fraudsters.

EMV is a payment method based on industry technical standards for smart payment cards, which store data on integrated circuit chips. You and I know these as Chip and PIN cards. Originally, the initials stood for the three main companies that created the method: “Europay, Mastercard and Visa”. These cards are processed for payment in two steps: reading the card and verifying the transaction, where the data flows between the chip on the card and the corresponding financial institution to verify the card’s legitimacy and create the unique transaction data. EMV has also reduced card fraud resulting from counterfeit, lost or stolen cards. The technology also provides interoperability with global payment infrastructure and allows users with EMV cards to use them on any compatible payment terminal.

As technology evolves, so do those who abuse it, and fraudsters are becoming increasingly sophisticated in their schemes, hence the move in Europe to Strong Customer Authentication (SCA). SCA is now required of service providers within the European Economic Area (EEA) under the provisions of the EU Revised Directive on Payment Services.

In the European Union, actual Chip and PIN card transactions already have acceptably strong customer authentication. However, this is not the case for web-based transactions and numerous contactless card payments that do not use a second authentication factor. SCA came into effect in September last year, but the European Banking Authority has allowed several EEA countries to delay or phase in SCA implementation. The deadline for this year is the 31st December.

“Strong Customer Identification” is defined as “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.”

The report from Juniper emphasizes that unless E-commerce merchants in other continents adopt measures similar to SCA, which includes two-factor authentication, they will endure increasing levels of sophisticated fraud. Payment gateways will be vital to ensure that these security requirements are implemented at scale.

Juniper adds that, beyond the need to implement additional and better security measures, it is important for E-commerce merchants to take on a more educational role, teaching consumers about cybersecurity practices, fraud methodologies and changes to the checkout process to help mitigate online fraud.

These measures will be essential in countries such as China, which will account for 42% of all E-commerce payment fraud in the world by 2024. Nick Maynard, the co-author of the report, comments that, “The explosion of E-commerce means that fraudsters have evolved their tactics, and so merchants must also evolve. E-commerce merchants must educate their users in anti-fraud best practice, as the human element is consistently the most vulnerable to exploitation in the online payments ecosystem”.

The report also states, “Increased friction in the checkout experience must be minimised, or merchants will face increased ‘cart abandonment’ rates” and recommends that security systems vendors should work with E-commerce merchants to build security measures into shopping apps that ensure “a low-friction user journey, whilst encompassing increased authentication requirements.” 

New anti-fraud security systems have to be extremely robust, but their complexities should be minimised and camouflaged at the point of sale so that consumers are not deterred by being made to jump through multiple security hoops and, in the process, fail to complete a transaction.