Is the 3D Secure protocol secure from hackers?

E-commerce and e-tailing have gained huge popularity in the past few years. Online shopping has become popular across all sectors and age groups, and its ease of use and convenience make it even more attractive. The major share of online transactions is cashless, made through online banking facilities and credit/debit cards.

CNP (Card Not Present) payment transactions offer a frictionless shopping experience, but the related fraud is increasingly becoming a prime area of concern for the card-issuing authorities and the financial institutions concerned.

The 3-D Secure protocol was designed with the aim of verifying cardholder identity during CNP transactions. As part of the authentication process, a cardholder can be challenged to enter an authentication credential such as a static password, a knowledge-based response (Q&A) or a one-time password (OTP) before a transaction is authorized. The protocol has seen huge success in the past few years due to the increasing popularity of cash-free transactions.

The various implementations of the 3-D Secure program, including Verified by Visa, MasterCard SecureCode, American Express SafeKey and Diners Club ProtectBuy, keep a close watch on the latest cyber-attack trends and introduce relevant updates to actively prevent and fight cyber fraud as and when it occurs.

The basic 3-D Secure protocol has helped issuers reduce CNP fraud; however, a few areas of concern still exist.

These are largely a consequence of the fact that, during online transactions, the physical methods of authentication that are normally used are not available. It is not possible to check the customer's license or passport for every transaction that is made. Thus, in scenarios where the cardholder's authentication credentials have been completely compromised, the fraudster may impersonate the legitimate user and commit fully authenticated fraudulent transactions.

The 3-D Secure protocol assumes that any user providing the correct credentials is the legitimate user of that card. It often fails to account for the possibility of a criminal using compromised credentials, because it follows the same authentication flow for genuine and fraudulent transactions.

With cyber-crime on the rise, cyber criminals have shown that the security provided by 3-D Secure is insufficient. Stronger authentication approaches need to be implemented to fight the increasing financial cyber fraud. The effective use of intelligence and analytics to identify legitimate cardholders may be seen as a step further in this direction. With these techniques in place, additional parameters can be used in conjunction with the existing ones to authenticate a transaction. These factors may include device identification, merchant details, geo-location and historical user behavior, all of which help identify a suspicious transaction. It is important to use the most reliable form of authentication for these transactions, as the goal of the assessment is to take all available steps to deny the transactions that are truly fraudulent.
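The following sketch shows how the factors named above (device, merchant, geo-location, historical behavior) can be combined so that a correct credential alone no longer decides the outcome. It is an added example, not code from the original post or from any 3-D Secure implementation; the `Txn` fields, weights, thresholds and sample transactions are all constructed assumptions.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from statistics import mean, pstdev

@dataclass
class Txn:
    device_id: str
    merchant: str
    lat: float
    lon: float
    ts: float      # epoch seconds
    amount: float

def km_between(a, b):
    """Great-circle (haversine) distance in km between two transactions."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def assess(txn, history, credential_ok):
    """Return (decision, reasons); weights and thresholds are illustrative."""
    if not credential_ok:
        return "deny", ["bad credential"]
    if not history:
        return "challenge", ["no history"]   # nothing to compare against
    hits = []
    if txn.device_id not in {h.device_id for h in history}:
        hits.append((30, "new device"))
    if txn.merchant not in {h.merchant for h in history}:
        hits.append((10, "new merchant"))
    last = max(history, key=lambda h: h.ts)
    hours = max((txn.ts - last.ts) / 3600, 1 / 60)   # avoid divide-by-zero
    if km_between(last, txn) / hours > 900:          # faster than an airliner
        hits.append((40, "impossible travel"))
    amounts = [h.amount for h in history]
    mu, sd = mean(amounts), pstdev(amounts)
    if txn.amount > mu + 3 * max(sd, 0.1 * mu):      # floor sd for flat histories
        hits.append((30, "unusual amount"))
    score = sum(points for points, _ in hits)
    decision = "deny" if score >= 70 else "challenge" if score >= 30 else "allow"
    return decision, [reason for _, reason in hits]
# Constructed sample data: three past purchases in London on one device.
HISTORY = [Txn("dev-A", "grocer", 51.5, -0.12, t, amt)
           for t, amt in [(0, 40.0), (86400, 55.0), (172800, 60.0)]]
GENUINE = Txn("dev-A", "grocer", 51.5, -0.12, 176400, 50.0)
STOLEN = Txn("dev-X", "electronics", 1.35, 103.82, 176400, 900.0)

if __name__ == "__main__":
    print(assess(GENUINE, HISTORY, True), assess(STOLEN, HISTORY, True))
```

Both sample transactions carry a valid credential; only the contextual signals separate the genuine purchase from the one made with stolen credentials.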
