Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

April 5, 2021

New Tools to Fight Online Fraud

When consumers shift payments channels, criminals do, too. We have discussed this point in post after post. We've also written on how the pandemic has had a seismic effect on digital payments during the pandemic. This chart sums up the growth pretty handily.

chart 01 of 01: EcommerceSales Year over Year

Even before the pandemic contributed to this spike, criminals had been using purloined payment card credentials and in-store or curbside pickup to take advantage of the growth in digital payments. (In-person pickup allows criminals to quickly put their hands on their ill-gotten gains.) To improve ecommerce security, the industry began developing technical specifications and protocols, and in late 2019, the Mobile Payments Industry Workgroup (MPIW) formed a working group to provide a better understanding of these protocols and specifications. This working group published its findings in an educational white paperOff-site link just last month. (The MPIWOff-site link was facilitated by the Federal Reserve Banks of Boston and Atlanta.)

Among these specifications and protocols the white paper explains is the 3-Domain Secure protocol, released in December 2018, and the initial Secure Remote Commerce specifications, published in June 2019 (both from EMVCoOff-site link). It also discusses the WebAuthn specification, which came on the scene in March 2019 and was a product of the World Wide Web (W3C) consortiumOff-site link working with the Fast Identity Online (FIDO) AllianceOff-site link. The white paper identifies the key challenges to adopting these protocols and provides guidance about how they may complement one another to enhance the security of the online and mobile channels.

All these fraud mitigation tools are in their early stages of adoption, with additional development and functionality to come. In the meantime, we hope that the white paper provides you with a solid foundation of knowledge of these new tools and how the industry continues its battle against fraudulent payment activity.