CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy.
Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate—across mobile, private and public cloud, distributed and mainframe environments.
The Payment Card Industry Data Security Standard (PCI DSS) was first introduced in 2004 to increase controls over credit card holder data and to reduce the chances of credit card fraud. Validation is required annually, and the standard has evolved over the years through periodic revisions. The latest one, version 3.2, came into force in April 2016. Until the end of January 2018, PCI DSS and Payment Application Data Security Standards (PA-DSS) are considered best practice to implement, and starting February 1, 2018, are considered a requirement.
It’s not exactly breaking news that cardholder security is front and center on the payments ecosystem’s “to do” list. With that comes the search for a solution that keeps cardholder data secure without compromising the consumer experience at checkout. Nowhere is this more important than online, where the incidence of fraud is increasing and it becomes harder to authenticate the user.
The explosive growth of eCommerce has focused attention on security concerns associated with online payment transactions. Cardholders worry about the safety of online transactions, while card issuers are concerned about balancing the risks and costs of payment fraud with a loss of revenue caused by transaction abandonment. The 3-D Secure protocol allows payment card issuers to reduce fraud in payment transactions by verifying cardholder identity during Card Not Present (CNP) transactions. Before a transaction is authorized, a cardholder can be challenged to enter a password, answer a question, or use some other form of authentication credential. This interruption in the transaction often causes legitimate customers to abandon the purchase, resulting in loss of revenue for the issuer. The challenge is how to reduce fraud without impacting the user purchase experience.
A2P (Application to Person) messaging has underpinned this transformation, across a wealth of new use cases and new verticals. Historically, A2P was used for alerts and, as PSMS (Premium SMS), as a billing mechanism and carrier for simple content and services, both for one-off downloads or actions (e.g. voting) and for recurring payments. The latter use case has declined markedly in the past 5 years, due largely to the transition to an app-based economy, largely driven by card billing and by regulatory action (in markets such as the US and UK) against fraudsters.
The Payment Card Industry Data Security Standard (PCI DSS) is a global security program created to increase confidence in the payment card industry and reduce risks to PCI members, merchants, service providers and consumers. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud.