Near-Term Solutions to Address the Growing Threat of Card-Not-Present Fraud
Publication Date: Version 2.0, July 2016
The ongoing U.S. migration to EMV chip payments is a move that will benefit the entire payments ecosystem by preventing in-person counterfeit card fraud and securing the card-present payment channel. At the same time, securing the card-not-present (CNP) channel is critical. CNP transactions are defined as payment card transactions where the cardholder does not present the card for merchant examination at the time of purchase, such as ecommerce purchases, and purchases or payments made over the phone or by mail.
The white paper, “Near-Term Solutions to Address the Growing Threat of Card-Not-Present Fraud,” developed by the EMV Migration Forum Card-Not-Present Fraud Working Committee, provides an educational resource on the best practices for authentication methods and fraud tools to secure the CNP channel as the U.S. migrates to chip technology.
As the U.S. migrates to EMV chip technology, it’s important that the payments industry makes a concerted effort to protect against the redirection of fraud from in-store to the card-not-present channel. No single security mechanism can protect against all possible fraud scenarios. Instead, the best practice to protect against card-not-present fraud is to use a systematic, multi-layered approach using tools that work together to create a successful fraud reduction program. This white paper provides guidance for merchants, issuers and acquirers to construct solutions to strengthen their systems against vulnerabilities and to better protect transaction data from attacks and fraud as part of their overall EMV implementation strategy.
- Authentication methods: device authentication; one-time passwords; randomized PIN pads; and biometrics
- Fraud tools: proprietary data and transactional data used for fraud analysis and risk management; and validation services
- 3-D Secure: messaging protocol that enables real-time cardholder authentication during an online transaction
- Tokenization: technique which replaces card data with surrogate values (i.e., “tokens”) that are unusable by outsiders and have no value outside of a specific merchant or acceptance channel
This white paper provides information from which merchants, card issuers and acquirers can construct security solutions in order to strengthen their systems against various vulnerabilities and better protect systems from attacks and fraud. The white paper also summarizes the impact on the affected stakeholder groups for each authentication method and fraud tool.
Version 2.0, published in July 2016, adds two appendices — one providing industry definitions of CNP, related industry terms and high-level use cases and one providing a comparison of 3D-Secure Version 1.0.2 and Version 2.0.
About the EMV Migration Forum
The EMV Migration Forum is a cross-industry body focused on supporting the EMV chip implementation steps required for payment networks, issuers, processors, merchants, and consumers to help ensure a successful introduction of more secure chip technology in the United States. The focus of the Forum is to address topics that require some level of industry cooperation and/or coordination to migrate successfully to chip technology in the United States. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/us-payments-forum/