COMMENT
The Solution for Securing Internet Payments At Entrust Datacard , we ’ ve found that using consumers ’ mobile devices is one of the most effective methods for authenticating transactions . When a new transaction is initiated , an “ out of band ” notification can be easily sent to a user ’ s mobile device for verification and confirmation , providing a simple , yet secure way to mitigate the threat of card not present attacks , as well as more complex MITB and skimming attacks .
Each of the three payment network stakeholders – merchants , PSPs and banks – play a role in this scenario , but the customer ’ s card issuing bank is the most critical , as it is ultimately the party that accepts or refuses the transaction . This is why at Entrust , we believe card issuing banks should take steps to manage authenticating transactions .
When card issuing banks implement transaction verification , cardholders are protected regardless of where the purchase or payment originated .
Solutions like Entrust IdentityGuard send payment transactions as a notification to the user , similar to an alert from Facebook . Then , to authenticate the transaction , the user simply needs to click the notification to open the banking application , review the transaction and either approve or reject it .
Even if the payment transaction was originated on the same mobile device which contains the user ’ s digital ID , Entrust IdentityGuard will always send the transaction “ out-of-band ” in a separate secure communications channel from that which was used for the purchase . If a higher assurance level is required , Entrust ’ s solution may be complemented by alternatives from the E IdentityGuard platform including Question and Answer , National ID card , Credit Card , one-time-password and fingerprints .
The transaction will Always be Completed Entrust understands that reaching a consumer via their mobile device is not always possible . This is why we recommend banks use a solution that also has the ability to digitally sign transactions presented on a Web page . Our Entrust IdentityGuard solution uses an encrypted QR code that can be displayed within the online merchant ’ s browser , scanned by the mobile application and provides an 8-digit digital signature that can be entered into the merchant ’ s system . This simple integration at the merchant , payment service provider or card-issuing bank level allows for the transaction to be completed securely .
By creating an experience similar to viewing a Facebook post or approving a Linkedin post , and supplying security without a password – meaning there is nothing for the user to forget – the Entrust IdentityGuard solution creates positive user experiences and can lead to a reduction in cart abandonment rates .
Frustrating criminals , protecting customers While criminal hackers have quickly adapted their methods and targets to avoid security fixes introduced through EMV solutions – banks play a critical role in reducing theft committed through card-not-present fraudulent transactions .
Provided they take immediate steps to incorporate strong authentication , banks can take this year to reduce CNP fraud and protect customer accounts and improve customer trust and engagement . www . intelligentcio . com INTELLIGENTCIO
25