Juniper research reported that card fraud (CNP fraud), which is committed by card-not–present criminals, will hit $71 Billion between 2017-2021. This includes remote physical goods transactions, which are the primary target of online fraudsters.
In the next few years, this will average $14.2 million annually. CNP fraud, which is expected to be 4X higher than physical, points-of-sale fraud (POS), in 2018, will continue to grow as eCommerce and mCommerce become more popular.
CNP fraud does not pose a threat far away but is a present danger that does not discriminate. Anyone can become a victim.
Customers and vendors need protection against sophisticated cybercriminals, who are becoming increasingly sophisticated in security breaches.
The good news is there are advanced prevention and detection tools available that could protect everyone involved in CNP transactions. 3D Secure was identified as one of the most effective tools against CNP fraud, alongside machine learning and biometrics.
In conjunction with the 3DS2 protocol’s finalization this year, PCI SSC (Payment Card Industry Security Standards Council), has released a new standard for 3DS2 support.
The PCI 3DS Data Matrix, a supporting documentation to be used together with the PCI 3DS, is the PCI 3DS Data Matrix. It is used to identify data elements most commonly found in 3D Secure transactions. It basically consists of two tables that contain different data categories, a 3DS Data Element with descriptions of each 3D Secure Core component, and the PCI 3DS Data Element.
The first table contains 3DS sensitive data that must conform to PCI 3DS Core Security Standard specifications, while the second contains 3DS encryption keys that must generate and store in an HSM.
Different data categories include Authentication Challenge Data or Public Key Data.
The PCI SSC issued the new standard to specifically address 3DS2 Protocol environments.
This goal is to increase security for online payments. As mentioned previously, CNP fraud continues to increase. Online criminals use increasingly sophisticated techniques to access customer account details and to facilitate fraudulent transactions.
The online marketplace is changing, and mobile transactions will continue to be dominant in the coming years.
The different functionalities of the 3DS2 Protocol make it more adaptable to the changing marketplace and growing threat levels. It makes it a favorite defense mechanism against online payment fraud.
As such, PCI 3DS Core Security Standard is designed to support the 3DS 2 authentication system by helping to protect 3D Secure components which are crucial to the transaction.