E-Commerce Times Talkback
See Full Story
The online fraud-fighting field is a crowded one, with a variety of commercial and nonprofit organizations involved in educating consumers, setting e-commerce standards for e-tailers and releasing software designed to nab fraudsters. But despite the wide variety of groups attempting to remedy or keep tabs on Internet fraud, analysts said, virtually no one is scanning the Web in an effort to pinpoint fraudulent e-commerce activities as they are perpetrated.
NFIC/IFW's Susan Grant makes a key point in stating that a "multipronged approach" to consumer protection is what's needed. The same is true for merchant protection. While consumers can suffer greatly from identity theft, it is online merchants who are financially responsible for any fraudulent charges they unwittingly accept.
Several payment providers have announced support for credit card association payer authentication programs. On September 16, CyberSource announced availability of its Payer Authentication Service in the US and the UK. It is the first service to provide merchants instant access to both Visa's "Verified by Visa" and MasterCard's payer authentication programs, as well as complementary fraud screening services.
Currently, Visa's program offers fraud-related chargeback protection on Visa transactions in Europe. The same protection will be extended to US companies in April 2003. Until then merchants will still be financially liable for fraud losses, including chargeback fees.
While the protection afforded to merchants by these programs will be a major benefit, they cannot entirely mitigate the threat of fraud on their own. Because exclusions to chargeback protection apply under certain conditions, merchants should maintain additional fraud protection measures to control overall fraud rates. Additionally, only Visa and MasterCard have introduced authentication programs with phased rollout strategies. Fraud protection for transactions involving other card brands will still be required. Thus, a combination of authentication and fraud tools are required to adequately control fraud.
Merchants should protect themselves by maintaining additional fraud screening technologies such as neural nets and rules based systems. Used in conjunction, these technologies along with payer authentication programs will go a long way toward preventing fraud. In addition, merchants should make sure that they are using a (PKI)-based cryptographic security model to authenticate and secure 100 percent of the transactions processed on their behalf.
Jeff King, Director of Risk Product Management, CyberSource Corporation http://www.cybersource.com