Reducing card-not-present fraud using pre-approved transactions
Abstract
In this paper, a remarkably simple method to reduce Internet card fraud is presented: making ‘OFF’ the default for any payment card. First, an in-depth global overview of card fraud figures is presented, based on various sources. Global card fraud is expected to exceed US$35.54 billion annually by 2020. It turns out that most of the countries with mature card markets (defined as countries with high volumes and values of card transactions per inhabitant) experienced high rates of fraud. Card-not-present (CNP) fraud is typically the most common type of fraud experienced. In the next section, the authors explore the reasons why consumers are vulnerable to CNP fraud. Vulnerabilities such as phishing attacks, Trojan software, and the man-in-the-browser attack are discussed, as well as some data breaches. In Europe, legislators are developing regulation addressing the security of Internet payments, and this is discussed in a separate section. The new requirements stipulate that the initiation of Internet payments, as well as access to sensitive payment data, should be protected by strong customer authentication. Strong customer authentication is currently widespread, mostly implemented in such a way that users need a special card reader, their smart card, and a lengthy challenge/response procedure. However, in this paper another secure authorisation method is introduced, in which all payments are blocked by default and users require a dedicated smartphone app to unblock their account for a limited time, thus providing pre-approval for a single payment. The authors argue that the second method offers a superior trade-off for consumers in terms of convenience, integrity, and security.
The authors also present a rationale for why the proposed solution, if deployed correctly, can reduce card-related fraud significantly, both for card-present and CNP transactions, and hence is in line with the EU regulator’s ambitions to reduce fraud on Internet payments with cards.
The full article is available to subscribers to the journal.
Authors' Biographies
Johan Pouwelse is associate professor at Delft University of Technology in the Netherlands. His research group conducts experimental research in the field of cybercurrency, decentralised markets, self-organising systems, reputation systems, and crowdsourcing. The methodology of the group is proving the validity of novel scientific ideas with thousands of real-world Internet users. The group’s Tribler software is installed by 1.7 million unique users, and it serves as a living laboratory and testing ground for next-generation self-organising systems. Previously he delivered a statement for the FTC in Washington, was a visiting scientist at MIT, and spent several summers at Harvard to study mechanisms for cooperation.
Diederik Bruggink is Managing Director of Bruggink Consultancy and is an independent international expert in cards, payments, and market infrastructures. During his career, he has led and worked on several international and high-visibility projects, mainly with a focus on cashless payments, across the whole payments value chain, from (e-commerce) merchant acquisition through to issuing banks and within card switching and card processing organisations. He was one of the key authors of the first three editions of the ‘World Payments Report’, and he makes regular appearances at conferences in the cards and payments industry. He is a member of the Editorial Board of the Journal of Payments Strategy & Systems.