Multi-layered protection against ecommerce fraud ?

Payment choices are expanding. Data security tools are advancing and cyber criminals are adapting. Fraudsters are becoming increasingly sophisticated and more efficient in identifying and exploiting vulnerabilities. Ecommerce players are paying more due to fraud and are losing a significantly higher percentage of revenues to fraud.

Online businesses are not only losing revenues due to mean-scheming hackers and fraudsters every single day, but even consumers, globally, are at risk of losing their payment card details, social security numbers, and other sensitive data.

One of the most significant changes in the payments industry over the recent years, has been the fraud liability shift for EMV-enabled cards in October 2015. EMV (which stands for EuroPay, MasterCard, and Visa, the three companies that devised the standard) is a common set of standards for payment applications that use chip-based cards.

Since then, responsibility for card fraud in cases where the card has an EMV chip but the point-of-sale terminal is not equipped to accept EMV transactions has fallen on the merchant, rather than the card issuer.

The EMV chip is a step-up from the magnetic stripe as far as card security is concerned, as it is capable of generating a unique transaction code for every transaction. However, one unfortunate - but not entirely surprising - consequence of the shift to EMV at the point-of-sale has been an increase in ecommerce fraud. Criminals that once relied on using stolen or counterfeit cards at POS terminals have turned their attention to card-not-present fraud in the ecommerce space.

Growing threat

After analysing millions of ecommerce transactions from its client data, Experian revealed that the rates of ecommerce fraud are highest in the US, which increased by 33% in 2016. This was a much bigger increase than expected, compared with the prediction that rates would be at least 15% higher than in 2015.

Cyber fraud rings use cheap labour and multiple computers to attack hundreds of ecommerce sites at the same time. Because these attacks are highly coordinated and the data entered always changes, it's very difficult to detect these attacks.

Examining the reasons behind the growth in ecommerce fraud in the US, Experian noted that 2016 was a record year for data breaches.

According to the Identity Theft Resource Center, the number of data breaches rose by 40% from 2015 to 1,093. Meanwhile, the Federal Trade Commission announced an increase in the proportion of consumers reporting that their stolen data had been used for credit card fraud, from 16% in 2015 to 32% last year.

As far as EMV is concerned, the report suggested that the increased adoption by merchants of chip-and-PIN payment terminals has "had a profound impact on driving up ecommerce attacks".

Multi-layered protection a must

Technically, merchants have been implementing a very limited and basic form of multilayer fraud management for years. For example, any merchant who uses Address Verification Service in conjunction with card security codes or 3D Secure is technically using multiple solutions to prevent fraud.

There are several reasons why a multi-layer approach has become the only viable way to ensure comprehensive protection. It is now essential for online merchants, regardless of where they are based, to not only be aware of the threat of ecommerce fraud, but to have a clear plan in place to defend against it.

There are encouraging signs in this area, with Visa recently arguing that card-not-present fraud has not risen as rapidly as some commentators predicted in the wake of the EMV liability shift. The company said one of the reasons for this is the action ecommerce merchants are taking to tackle fraud.

One of the most effective ways to protect their business and the sensitive data of their customers from fraud attacks is by using multi-layered security systems that are able to learn and evolve.

Experian said: "The value of employing a multi-layered approach to fraud prevention, especially when it comes to authenticating consumers to validate transactions, cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience."

One particularly powerful tool that can help to strengthen your security infrastructure is machine learning. By using software that analyzes and learns from key pieces of data - such as shopping basket profiles and IP addresses - you can better equip your business to identify potentially fraudulent transactions.

Tech-savvy merchants are taking more responsibility for their customers' private data. Staying on top of security requires constant vigilance and growth; however, the approach must be comprehensive and dynamic.

Organisations that secure cardholder data with multiple layers of safety measures will be better able to reduce risk and fraud. That, in turn, will enable more business as new payment technologies arise, and new ways to steal the sensitive data are devised.

Brick-and-mortar, brick-and-click, or completely Web-based, it does not matter where payment transactions take place. Organizations must realize that data security and fraud prevention are essential to the success of their entire business. It is no more a 'choice' but 'priority'.

(The writer is Managing Director, NCR Corporation India)