Online And Mobile Retail Payments Authentication: Preventing Fraud in the Age of Data Breaches and Malware

In 2012, online retail payments reached 7.4% ($318 billion) of all retail transactions. The thriving online market is an increasing target for fraudsters, particularly with EMV, or “Chip and PIN,” expected to significantly curtail card fraud at the point of sale, or POS, by 2017. Online transactions, especially card-not-present, or CNP, are a means for fraudsters both to steal and misuse consumer data. Data breaches and malware are developing into the primary means of compromise of consumer credentials, resulting in billions of dollars in consumer fraud losses in 2012. Meanwhile, the staples of online merchant account and transaction authentication such as passwords, static security questions, Card Verification Value (CVV), and Address Verification System (AVS) are being rendered obsolete by fraud trends and eclipsed by new technologies such as out-of-band one-time passwords, biometrics, and technologies using non-intrusive back-end data. Merchants need to surmount unfounded fears of consumer backlash to newer, more secure authentication measures. Familiarity will breed comfort and confidence, and merchants’ primary decision-making factor should be effectiveness.

Primary Questions

• What challenges do stakeholders face in authenticating online and mobile retail payments?
• How do consumers perceive various authentication solutions?
• Which solutions are currently relied upon for online and mobile retail payment authentication?
• How do underlying payment technologies affect the need for authentication?
• Which solutions are best suited to tackle both present and future authentication challenges?

Companies Mentioned

• An online random-sample panel of 5,249 respondents - October 2012
• An online random-sample panel of 6,651respondents - January 2013
• An online random-sample panel of 3,217 respondents - October 2012