Original CA Blog by Carol Alexander, Sr. Director, Product Marketing, Authentication & Payment Security aleca01
Information sharing, flexibility and multi-factor authentication is valid and needed, but for online transactions, risk-based authentication offers even more security improvements.
The e-commerce landscape is changing rapidly because of a complex, interconnected set of market dynamics and overlapping stakeholder needs. Regulatory efforts are well intentioned and provide a consistent framework but can miss vital risk aspects that banks must address for the strongest success.
Four fundamental factors are critical to success across the e-commerce stakeholder spectrum:
- Security
- Reliability
- Ease of use
- Interoperability.
Addressing the planning and infrastructure development necessary to achieve success and manage the cost implications requires sharp focus and nimble response starting with seamless authentication solutions – an area I see having a significant gap when considering government policies currently in place.
Dynamic and interconnected drivers
A key driver for the growth in the electronic payments market and the escalating need for better authentication solutions is consumer demand. Consumers want greater convenience for payments whenever and wherever they are – they want better access to banking and e-commerce services without exposing themselves to undue risk – and they expect the process to be easy.
Let’s let the numbers do the talking: Worldwide online retail sales were approximately 5.9 percent ($1.3 trillion) of total retail sales in 2014. China and the United Kingdom (U.K.) surpass the United States (U.S.) with higher proportions of online-to-total retail sales (10 percent, 13 percent and 6.5 percent respectively). By 2016, e-commerce overall is expected to account for approximately $398 billion of all U.S. retail sales. And in Europe, online retailers are expanding 14.2 times faster than conventional retail outlets.
With e-commerce transaction volume this staggering and 2015 business-to-consumer (B2C) growth expected to be over 20 percent worldwide, it’s no wonder the cost of fraud losses for merchants has also risen. In the U.S. retailers report that 0.68 percent of revenue was lost to fraud in 2014 versus 0.51 percent in 2013.
We’ve recently talked about government responses worldwide in the regulatory environment and the progress made with actions such as President Obama’s mandate for multi-factor authentication, the European Banking Authority (EBA) Guidelines for Internet security, and the European Union’s revised Payments Services Directive (PSD). Government policy plays an important role in leading the call for industry collaboration and can fuel growth by bolstering consumer confidence.
However, regulatory efforts alone miss vital components of arobust cybersecurity framework – payment industry stakeholders need to lead development and creation of the solutions to ensure the fundamentals are met when battling fraud. This leading role is important because banks and retailers have learned valuable lessons over the years about consumer and criminal behavior in card-not-present (CNP) environments. User convenience and expectation of securely sharing their information also drive what is needed to build the best authentication choices.
The above touches just a few factors in the mobile revolution prompting experts to rethink the payments authentication process completely. There is currently a lot of focus in the industry and in regulatory bodies on two-factor, multi-factor and biometric authentication. The issue I have with the guidelines, mandates and general buzz is the failure to provide emphasis on one of the most effective forms of authentication – risk-based authentication. The use of sophisticated authentication models that determine the validity of a user with data such as device characteristics, location and behavior is the best way to identify legitimate users and combat fraud. It’s more difficult for a fraudster to mimic behavior than to steal a credential. Risk analytics are also more readily adaptable to the changing fraud landscape.
I believe consideration of risk authentication and advanced analytics must be included in these mandates to truly improve ecommerce security. Every product developed at CA Technologies for payment security puts flexible authentication at the forefront, right alongside proven and reliable security. Our data scientists and technologists are committed to the continuous evolution of the analytics to not only make the transactions safe but also make it easy for the user to do what they set out to do – buy!
Original Post URL: https://blogs.ca.com/2015/03/27/whats-missing-in-government-policy-to-secure-e-commerce-growth/