Multi-factor authentication tabled as solution to Australia’s $443 million online card fraud problem
Article by Tom Watson
Whipping out a debit or credit card to pay for an online shopping spree is a familiar move for many Aussies, but it seems that card fraudsters are just as infatuated with the idea, and it’s costing cardholders hundreds of millions of dollars a year.
According to recent data from the Australian Payments Network (AusPayNet), ‘card not present’ (CPN) fraud - which uses an individual's card information without the physical card being used - accounts for over 80% of all card fraud in Australia, or roughly $443 million between July 2016 and June 2017.
While CNP fraud is generally associated with online purchases, it can also be perpetrated over the phone or via mail, and because it utilises legitimate card information, it makes it hard for merchants and providers to identify fraudulent from legitimate transactions.
Following a call from the RBA’s Payment Systems Board last month to come up with and implement a strategy to combat CNP fraud within the next six months, AusPayNet came together with 70 industry stakeholders to address the issue.
"By joining forces through a whole of industry approach we can up the ante on combating online card fraud to achieve the same impact our roll-out of chip technology had on reducing fraud in the face-to-face environment,” said CEO of AusPayNet, Dr Leila Fourie, in a statement released on Tuesday.
Increased security measures
One of the main conclusions to come out of the stakeholder meeting was the possibility of adopting multi-factor authentication (also known as two-step or two-factor) as a secondary security initiative to combat CNP fraud.
By adding an additional layer of security to the payment process, multi-factor authentication in the form of biometrics (such as a fingerprint scan) or a confidential pin shared between the provider and customer, could help verify that the payment came from the actual cardholder.
Aside from multi-factor authentication, another technological solution that has been recently floated to combat CNP fraud is the integration of ‘dynamic’ CVV (Card Verification Value) numbers on debit and credit cards.
Unlike a normal CVV number (the three digit code on the back of your card), a dynamic CVV number would constantly change, for example once an hour - making it near impossible for a fraudster to successfully make a transaction without the physical card.
While a consensus may have been reached towards an increased adoption of multi-factor authentication measures, AusPayNet did note that extra security measures may frustrate some shoppers and could therefore be reserved for unusual or particularly high-risk transactions.
"We can reduce fraud without negatively impacting the online customer experience through intelligent friction that balances security and convenience," said Dr. Fourie.
Given that it still may be some time before we start seeing Aussie online shoppers using multi-factor authentication for their credit card purchases, it’s never a bad idea to brush up on some security measures.
Luckily our handy credit card fraud guide could give you some of the information and tips you need to avoid becoming a victim of fraud!