As global trends continue to project thriving developments in the field of technology, it is safe to say that the ecommerce industry will change the notion of conventional business-to-consumer relationships. A plethora of facts and figures lead to the conclusion that the online payment industry is continually gaining the public's trust and reaching larger masses.
A survey conducted by PwC in February 2016 revealed some surprising statistics. The survey covered 5 continents and more than 25 countries, and engaged about 23,000 ecommerce consumers. The report ranked China as the biggest online shopping industry, where 65 percent of shoppers deal with online payments at least once a month and 19.6 percent shop online daily.
Considering the reservations about online payments that surround a large segment of the ecommerce industry, it is astonishing that China's population is not as concerned as the rest of the world. One reason behind this trust can be the radical measures that the government of China has taken. In December 2015, the People's Bank of China revised the administrative measures for the online payment industry of non-bank payment institutions, called the 'Measures'. Coming into effect in July 2016, the Measures will no longer allow the storage of customers' personal information, including chip information on bank cards, track information and verification codes. Furthermore, Non-Bank Payment Institutions (NBPIs) will sign agreements with merchants prohibiting the storage and sharing of any sensitive information. It is expected that the Measures will have a great impact on the progression of the ecommerce and internet finance sector in China.
While China is a country where people have demonstrated trust in online payments, there are still some countries where the payment industry is striving to gain people's confidence. The recent cyber heist of $80 million in Bangladesh took the payment industry by storm. Just a small spelling mistake saved about $20 million. Still, it cost the governor of the Central Bank of Bangladesh his seat. This incident must have raised questions about payment security among people not only in Bangladesh but in other countries as well.
Bangladesh is a developing country, but the disquiet revolving around payment security is fairly similar to that in developed countries. A survey conducted by Cyber Security in 2015 at the request of the European Commission, Directorate-General for Home Affairs, identified some concerns among European respondents relating to online shopping. The statistics were gathered in 28 European Union countries. About 27,868 people from different demographic groups were questioned face-to-face about using the internet for online payments and banking. Misuse of private data (43 percent compared to 37 percent in 2013) and security of online payments (42 percent compared to 35 percent in 2013) were the two major concerns that came to the fore. It should be noted here that there are nearly 150,000 pieces of malicious software circulating within European countries, affecting about a million people every day through cybercrimes.
Types of Fraud:
-- Phishing: a very common technique for getting hold of consumers' information by fraudulently using an institution's proprietary information. Emails containing compelling language and asking for urgent financial information should be steered clear of, as they direct consumers to bogus websites.
-- ACH Fraud: with the increase in online payments, ACH fraud is also growing. ACH fraud is carried out through the Automated Clearing House financial transaction network, which acts as a hub for electronic funds transfer in the United States. Identity fraud, ACH kiting and account hijacking are all parts of the ACH fraud methodology, where accounts are accessed through unauthorised ACH payments routed to an account controlled by hackers.
-- Clean Fraud: over the past few years, clean fraud has dangerously increased in the online payment industry. The primary reason behind it is the inability to distinguish between a legitimate order and a fraudulent order. The thieves provide more and better personal information in card-not-present transactions, convincing enough to fool a merchant.
Ways to prevent Fraud:
-- PCI Compliance: the first step a merchant/payment entity can take to make payments more secure is PCI DSS compliance. There are comprehensive security requirements that can make a significant difference in protecting consumers' confidential information.
-- Encryption: merchants/payment entities must ensure the legitimacy of websites that operate financial transactions. Proper, high-end encryption minimises the possibility of cyber-attacks by creating an added layer of protection for customers.
-- Payment Gateways: payment gateways can be taken as the new generation of money guards. A payment gateway developed by a credible company can be integrated with any ecommerce website, providing a safe login environment outside the jurisdiction of the merchant itself. Moreover, if it is PCI DSS compliant, it can greatly reduce the risks related to online payments.
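One practical check behind the storage prohibitions described above (track information and verification codes under the Measures, and the PCI DSS ban on keeping full track data after authorization) is scanning stored logs for card data that should never have been written. The Python below is an added example, not part of the original article; the regexes, function names and log lines are constructed for illustration, and the card numbers are well-known test values.

```python
import re

# Track 2 layout (ISO/IEC 7813): ';' PAN '=' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")
# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep the first six and last four digits, a common truncation format."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_line(line: str):
    """Return (findings, redacted_line) for one line of stored text."""
    findings = []

    def on_track2(m):
        findings.append(("track2", mask(m.group(1))))
        return "[TRACK2 REMOVED]"

    def on_pan(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # e.g. an order number: leave it untouched
        findings.append(("pan", mask(digits)))
        return mask(digits)

    # Remove whole track data first so its PAN is not reported twice.
    redacted = TRACK2_RE.sub(on_track2, line)
    redacted = PAN_RE.sub(on_pan, redacted)
    return findings, redacted

# Constructed sample log lines (test card numbers, not real accounts).
SAMPLE_LOG = [
    "2016-07-01 10:02:11 auth ok card=4111 1111 1111 1111 amount=25.00",
    "2016-07-01 10:02:15 swipe raw=;5555555555554444=25121010000000000?",
    "2016-07-01 10:03:40 order=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry))
```

The Luhn check is what keeps the 16-digit order number in the third line from being flagged; a finding on real data means the writing component needs fixing, not just the log.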
Technologies for Payment Security:
-- PCI Point-to-Point Encryption Solution: this can be a solution provided by a third-party solution provider. It encrypts the consumer information from the point of sale (swipe or dip) until it lands at the solution provider's secure environment for decryption. A payment gateway, an acquirer or a processor belonging to a third party can be a P2PE solution provider, taking full responsibility for the development, integration and management of the P2PE solution for its merchant clients.
-- Risk Based Authentication (RBA) for MasterCard SecureCode: MasterCard SecureCode utilizes the 3-D Secure protocol to authenticate ecommerce transactions at the point-of-interaction (POI). RBA allows the associated issuers to look into every authentication request through MasterCard SecureCode. It can significantly improve the whole ecommerce consumer experience by providing a robust infrastructure for fraud management.
-- Verified by VISA: it protects the consumer's card data against fraud and unauthorised use. It works in two quick steps to authenticate a purchase:
   -- A personal message that only the consumer and their bank know
   -- A Verified by VISA password
-- EMV: a global standard which helps in securing credit and debit card payments by utilising chip cards at the merchant's end. The merchant is required to be compliant with the infrastructure that accepts EMV chips. These chip cards enable security against any action that compromises consumers' sensitive information, including counterfeiting, theft, skimming, etc.
-- NFC: NFC (Near Field Communication) is one of the emerging technologies striving to provide protection to consumer transactions. It cannot be considered a payment technology in itself; however, it comprises an array of standards which enable proximity-based communication between devices normally used by consumers, including personal computers, tablets and mobile phones. NFC offers a very intuitive user interface, making mobile payment processing hassle-free. NFC is also compatible with the latest contactless payment acceptance infrastructure, through which an NFC-compliant mobile device can remain in contact with the point of sale (POS) system, accepting contactless payment cards.
-- Application Sandboxing: this method isolates the payment application from any suspicious set of programs, including malware, unverified third parties, untrusted websites and users, etc.
-- Biometric Authentication: this method is significantly useful for mobile payments, as a consumer's mobile cannot be unlocked without automated verification based on a physical characteristic. Voice recognition, fingerprint authentication, face recognition and iris prints are all included in biometric authentication parameters.