Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Phishing and hacking during e-commerce transactions

Jack Loo | Feb. 20, 2013
But methods such as two-factor authentication reduce the risk of online fraud

Phishing and hacking are some of the challenges merchants and consumers face during e-commerce transactions, according to a Visa executive.

"Today, more goods and services are being sold online, attracting the attention of criminals. Just a few years ago, you cannot even buy a laptop off the Internet," said Ingo Noka, head of Country Risk Management, Visa.

Initially prevalent in the US and Europe, incidents involving data compromises are increasingly common in Asia, observed Noka. Data compromises typically have criminals hacking into processing host systems, stealing vital information from customer databases.

Usually the hacked data is useful not enough for fraudulent activities to be completed. "This is where criminals augment their efforts with methods such as phishing," said Noka.

Phishing is very difficult to combat against as many consumers are not able to distinguish whether an email is designed to extract sensitive information like account numbers and passwords, or if it is a genuine one from the bank, added Noka.

"This is where preventive measures like authentication come in," he said. With authentication in place, information given out by the customer over the Internet will not be enough for criminals to complete their fraudulent activities.

In Singapore, government mandates dictate that all cardholders have to be enrolled into a two-factor authentication. Under this system, every transaction online can only be completed by a one-time password issued by the cardholder's bank.

According to Visa, card-not-present fraud (such as e-commerce, mail order, and telephone order) represents the largest portion of fraud activity at more than 50 percent. Yet, card-not-present transactions account for only 10 percent of the entire card activities.

Besides supporting authentication processes such as one-time passwords, Visa has unveiled Visa Consumer Authentication Service that analyses transaction in real time and on a risk-based methodology. Visa Consumer Authentication Service authenticates the consumer prior to the authorisation process, adding another layer of protection against fraud.

As the consumer begins the online checkout process, the solution performs a real-time risk assessment of the transaction based on numerous inputs including device and transaction information and historical spending patterns. This way banks can be alerted of possible fraudulent activities when the risk criteria are high enough.


Sign up for Computerworld eNewsletters.