In this new white paper, learn how it’s possible to block fraud without damaging the customer experience and causing dropoff. Discover how to beat Web crime gangs at their own game without making customers use awkward authentication codes, services, and devices; then learn how to turn a Web visitor’s PC or other device into its own hard security token, letting customers in and keeping fraudsters out. Plus: 6 types of fraud prevention currently in use—including 2 you should never use if you want to keep your customers. Download your free copy now.
How Device Identification
Makes Online Trust Transparent
Introduction
Credit cards have become the de facto credentialing system for global e-commerce, and the reason for this is clear: the ease of use and lack of friction in using credit card credentials has enabled rapid adoption by merchants and customers.
Credit cards were not expressly designed for online purchases. To address this, credit card companies and merchants have put a number of protections and security measures in place, but the incidence of online fraud continues to increase. A significant portion of this increase is attributed to the rise of organized crime gangs and sophisticated threats that include "phishing" attacks, key-logging software, "man-in-the-middle" attacks, and using groups of infected computers - called "botnets" or "zombie" computers - to complete fraudulent credit card transactions.
The challenge is to implement strategies that increase the security of e-commerce transactions without causing friction, and a poor user experience, in the online environment. The stakes are high-potentially billions of dollars annually are lost in "good" sales caused by overly aggressive or broadly-based anti-fraud measures.
For online merchants, financial institutions and others, it is critical to know if the individual initiating an online transaction is authentic. Individuals who perpetrate online fraud can use technology to mask their location and identity so that, especially for first-time customers, it is difficult to distinguish authentic transactions from fraudulent activity.
Financial institutions, online merchants and technology providers have developed solutions that address, with varying levels of effectiveness, these concerns. Many large corporations use "hard tokens" to secure employee access to their networks and insure positive two-factor identification. While these systems work well, the user must have the physical token and enter a number sequence each time the network is accessed. These systems can provide a high degree of assurance, and since the employer mandates
How Device Identification Makes Online Trust Transparent
the network access requirements, the relatively high cost of buying and distributing the hard tokens and a more difficult user experience are not barriers to use.
In many cases, technology that provides greater security requires extra steps in the sign-on or transaction process. While this may be acceptable in a high-ticket B2B environment, it can present a significant barrier for business-to-consumer (B2C) applications. As an example, online merchants, credit card companies and financial institutions have implemented a variety of technologies to provide assurance-some with little impact to the customer experience, and others that can dramatically change how the consumer or small business completes a transaction.
Current Solutions with Minimal Adverse Impact to the Customer Experience A number of solutions are currently used by online merchants that can help to identify potentially fraudulent transactions. These include:
. Credit Card Authorization: As credit card issuers receive a request for authorization, their systems may check for out-of-pattern activity or other indicators that may indicate that an account has been compromised. In these cases, the credit card issuer will contact the customer (usually after the fact) and attempt to verify that the activity is authentic.
. Address Verification Services: After the customer enters his/her payment information, the merchant authorizes the transaction and verifies that the address on file with the credit card issuer matches the billing address entered by the customer. While this provides some assurance, sophisticated criminals often have full information associated with the fraud victim and render this control ineffective.
. Card Verification Code: This helps insure that the individual initiating a transaction has the card physically in hand and can verify the card verification code. While helpful, card verification codes are often acquired by criminals with other credit card data.
. In-house Rules and History: Many merchants have established policies to scrutinize orders that are unusually large, request overnight shipping, etc. or which evidence data collected from previous fraudulent activity (negative f... [download for more]
