COMMENT
The Solution for Securing Internet Payments At Entrust Datacard, we’ ve found that using consumers’ mobile devices is one of the most effective methods for authenticating transactions. When a new transaction is initiated, an“ out of band” notification can be easily sent to a user’ s mobile device for verification and confirmation, providing a simple, yet secure way to mitigate the threat of card not present attacks, as well as more complex MITB and skimming attacks.
Each of the three payment network stakeholders – merchants, PSPs and banks – play a role in this scenario, but the customer’ s card issuing bank is the most critical, as it is ultimately the party that accepts or refuses the transaction. This is why at Entrust, we believe card issuing banks should take steps to manage authenticating transactions.
When card issuing banks implement transaction verification, cardholders are protected regardless of where the purchase or payment originated.
Solutions like Entrust IdentityGuard send payment transactions as a notification to the user, similar to an alert from Facebook. Then, to authenticate the transaction, the user simply needs to click the notification to open the banking application, review the transaction and either approve or reject it.
Even if the payment transaction was originated on the same mobile device which contains the user’ s digital ID, Entrust IdentityGuard will always send the transaction“ out-of-band” in a separate secure communications channel from that which was used for the purchase. If a higher assurance level is required, Entrust’ s solution may be complemented by alternatives from the E IdentityGuard platform including Question and Answer, National ID card, Credit Card, one-time-password and fingerprints.
The transaction will Always be Completed Entrust understands that reaching a consumer via their mobile device is not always possible. This is why we recommend banks use a solution that also has the ability to digitally sign transactions presented on a Web page. Our Entrust IdentityGuard solution uses an encrypted QR code that can be displayed within the online merchant’ s browser, scanned by the mobile application and provides an 8-digit digital signature that can be entered into the merchant’ s system. This simple integration at the merchant, payment service provider or card-issuing bank level allows for the transaction to be completed securely.
By creating an experience similar to viewing a Facebook post or approving a Linkedin post, and supplying security without a password – meaning there is nothing for the user to forget – the Entrust IdentityGuard solution creates positive user experiences and can lead to a reduction in cart abandonment rates.
Frustrating criminals, protecting customers While criminal hackers have quickly adapted their methods and targets to avoid security fixes introduced through EMV solutions – banks play a critical role in reducing theft committed through card-not-present fraudulent transactions.
Provided they take immediate steps to incorporate strong authentication, banks can take this year to reduce CNP fraud and protect customer accounts and improve customer trust and engagement. www. intelligentcio. com INTELLIGENTCIO
25