Chip and PIN to guard e-commerce at home
Clearing service Apacs plans to secure e-commerce with smart-card readers for home PCs
Following the chip and PIN deadline for high street stores, Apacs last week said that it is now working on ways to transpose the system for internet shopping to combat web-based fraud.
The payment authentication organisation expects online fraud to rise as a result of the high street rollout, which it initiated. Sandra Quinn of Apacs said that it is currently involved in discussions with merchants and financial institutions in an effort to reach agreement on a web version. This would see users connect a device such as a card reader to their home PC, to verify online transactions.
"Chip and PIN will provide us with the main platform [for preventing online fraud] and in a couple of years time we will have handheld devices [to achieve this]," Quinn said. "We have already finished developing standards for the terminal, because it has to be attractive for the customer to use."
However, Steve Carr from payment solutions provider eFunds argued that many online merchants are discouraged from deploying fraud prevention solutions because of the impact they may have on the user experience. "As a retailer you want internet shopping to be a smooth, pain free and reliable experience for the customer,β he said. βIt's a balancing act between the cost of fraud to them, the cost of a [cure] and the need for an acceptable level of customer quality.β
Carr also saw problems with achieving a single solution. "The question is who is responsible [for a unified service]. It is likely that the banks will compete on the services they can provide and the large retailers go it alone," he added.
Nathan Jackson of software verification specialist CyberSource said there were also question marks over who would manufacture and distribute the necessary hardware.
Instead, Jackson said he supported two-factor authentication systems such as Mastercard's SecureCode and Verified by Visa, which rely on an additional password to authorise online transactions. "Payer authentication initiatives [like these] are an evolution in the right direction," he added. "The good thing is that they don't require extra devices, use globally accepted methods and protocols, and our figures show they are [gaining in popularity]."
However, merchant uptake in the UK has been low so far, while the system is limited to Visa and MasterCard payments. Ian Tansley of John Lewis Direct said the company is currently signed up to Verified by Visa and Mastercard's Secure Code schemes, although he recognised that the card giants have not promoted their services very actively up until now. "But we are aware of bank trials [of chip and pin devices] and would welcome any developments to make transactions even more secure," he added.