Card-not-present transactions under attack

Commerce shifts make online purchases a ripe target for fraud; here’s how card issuers can fight back

Driven by increased mobile commerce, a general growth in online retail shopping, and the expected stemming of point-of-sale fraud with wider adoption of chip cards, attacks against online transactions have grown. Card-not-present fraud increased by 40 percent in 2016, according to Javelin Strategy & Research.

Financial Institutions need solutions that holistically secure transactions, optimize the user experience, and prevent fraud in the booming online payment landscape. Recent industry developments, complemented by new product offerings from CA Technologies, will help financial institutions — and especially credit and debit card issuers – successfully prepare for the ongoing challenges.

Payment industry progress

New advancements in 3-D Secure, a payment industry protocol that was co-written over 15 years ago by Visa and Arcot Systems (acquired by CA Technologies), has been updated to reflect today’s online commerce trends. EMVCo has released EMV 3-D Secure 2.0 (3DS 2.0), which is optimized for mobile and traditional web browser transactions.

The new protocol makes important additional e-commerce transaction metadata available over the 3-D Secure 1.0.2 protocol, including an extensive set of device data. This enhanced data will enable even greater fraud prevention gains for those customers who participate in cardholder authentication programs based on 3-D Secure.

Stop fraud faster and more accurately

CA Technologies is dedicated to leading the market when it comes to innovative payment security solutions and we consistently leverage industry advancements for our customers. As an example, we recently launched a new product, CA Risk Analytics Network, that will work across all 3-D Secure protocol versions (including EMV 3DS 2.0) and provide card issuers with major benefits such as an additional 25 percent1 savings in fraud losses or a 35 percent1 reduction in false positives).

Sharing global network transaction data

The CA Risk Analytics Network leverages a global network of transaction data gathered by CA Technologies industry-leading CA Payment Security Suite platform. CA Risk Analytics Network is the only industry consortium to use real-time behavioral analytics and machine learning to prevent fraud while providing a frictionless cardholder experience.

It uses the vast repository of device and transaction data from CA’s global consortium of card issuers to identify fraud in real-time, recognizing when a card and / or device has been associated with a prior fraudulent or risky transaction.

This feature is particularly beneficial where fraud rings are operating or where card account data has been sold or traded on the dark web. In these cases, it is common to see sets of transactions attempted in a very short time span, coming from a relatively small set of devices.

By using device identification across the global issuer consortium, CA Risk Analytics Network strengthens network members’ defense against these “smash and grab” style attacks. It leverages a large set of account data in a short space of time, especially where the underlying account in isolation may not have been previously associated with fraudulent, or even risky, transaction activity.

Identifying risky transactions in real time

Fraudsters steal account data and try to complete their attacks before the card issuer’s defenses have had time to react. CA Risk Analytics Network’s advanced neural model learns and adapts to fraudulent and risky transaction behavior in real time (typically under 5 milliseconds) to stay ahead of organized fraudster activity.

For example, after identifying a risky transaction associated with a device, the very next transaction that involves that same device will be recognized as fraudulent – even if it arrives milliseconds later or is associated with a different underlying account.

CA’s solution is distinct from other “real-time” network techniques that may make data available to fraud operations personnel in real-time but without the underlying model adapting its behavior in real-time. CA Risk Analytics Network applies neural network models that truly learn and adapt in real time and apply that data to a customer’s fraud model to stop the very next fraudulent transaction attempt.

For more information, tune in to our on-demand briefing on CA Risk Analytics Network:

1CA Data Science Team Simulation of current customer base over a 90-day period

James is a visionary technology expert, strategist, and product management leader specializing in e-commerce payment…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Low-Code Development: The Latest Killer Tool in the Agile Toolkit?What Are “Irresistible” APIs and Why Does Akamai's Kirsten Hunter Love Them?Persado's Assaf Baciu Is Engineering AI to Understand How You Feel