The Retailer Spring Edition 2023

SPRING 2023

21

New fraud protection tech and consumer authentication Thankfully innovation is already happening, most notably in the form of two new technologies: Delegated Authentication and Secure Payment Confirmation (SPC). Delegated Authentication allows merchants to carry out SCA on behalf of issuing banks, avoiding the risk of hand-offs and bank authentication journeys. Meanwhile, SPC enables issuing banks to put credentials into web browsers, which can be used to initiate device level authentication. The combination of device level credential (possession) and device level authentication (knowledge/inherence) constitutes the two factors needed to satisfy SCA in both these methods. The authentication arms race These technologies are central to an efficient authentication strategy for merchants. They promise an improved balance between keeping consumers secure and engaged. Fraudsters however are never far behind and are already refining their strategies in response to SCA. Online criminals are always finding new ways to improve their social engineering techniques and the enforcement of SCA has only accelerated their efforts. A prime example of this is iSpoof, a Fraud as a Service (FaaS) application allowing criminals to make calls that appear to come from tax offices, banks, and other legitimate authorities. Fraudsters were using this service to harvest credentials from consumers, such as 3DS One Time Passcodes (OTPs). The UK police recently crashed this operation, uncovering a database of 59,000 fraud suspects11. While SCA has been an important step forward for those on the right side of the law, as we’ve seen fraudsters are quick to adapt. We believe that innovative new technologies are going to be the driving force behind a move towards stronger and easier authentication. Learn more about Accertify’s Payment Optimisation solutions here.

Sources 1. European Central Bank https:/ www.ecb.europa.eu/pub/cardfraud/html/ecb. cardfraudreport201809.en.html#toc5 2. UK Finance Annual Fraud Report https://www.ukfinance.org.uk/system/files/2021-11/Fraud-the facts-August-2018.pdf 3. EBA 17/01 22 https://www.eba.europa.eu/regulation-and-policy/ payment-services-and-electronic-money/discussion-paper-payment-fraud-data-received-under-psd2 3. Accertify.com https://www.accertify.com/solutions/payment-optimisation/ 4. Payments Cards and Mobile 10/11/19 https:/ www.paymentscardsandmobile.com/ worldwide-trends-in-increasing-payment-regulation-and-3d-secure-2-0/ 5. Medium.com 07/11/21 https://medium.com/akeo-tech/ psd2-and-sca-whats-happening-in-2021-in-europe-49f3576ec589 6. Arcot Scorecard 02/23 https://mcusercontent.com/fb4de4665233025104484875c/ files/5fb61164-62a5-81ce-42e9-1b32659a73a0/scorecard_global_external_ monthly_2023_02_01_2023_02_28.pdf 7. Central Bank of India https://www.centralbankofindia.co.in/sites/default/files/Debit_card_ policy_2022_23.pdf 8. Australian Payments Network https://www.auspaynet.com.au/insights/initiatives/ CNP-Fraud-Mitigation-Framework 9. Consumer Financial Protection Bureau https:/ www.consumerfinance.gov/compliance/circulars/ circular-2022-04-insufficient-data-protection-or-security-for-sensitive-consumer-information/ 10. Action Fraud Website 24/11.22 https://www.actionfraud.police.uk/news/ more-than-100-arrests-in-uks-biggest-ever-fraud-operation

Jon Swan