Strong Customer Authentication in Australia: Reducing CNP Fraud and Streamlining eCommerce Payments
Minimizing fraud without harming the customer experience can be done – using the right tools
In 2017-18, card-not-present (CNP) fraud cost Australian eCommerce AUD $478 million and accounted for some 85 percent of all fraud on Australian-issued cards1. In 2016, CNP fraud in Europe represented 70% of all card fraud2. Seriously uncomfortable numbers.
In Europe, the 2016 figures triggered the introduction and mandating of strong customer authentication (SCA) under PSD2. SCA is a security measure that helps reduce fraud and makes online payments more secure by adding an additional layer of authentication.
In Australia, things are also starting to move, with the introduction of AusPayNet's CNP Fraud Mitigation Framework strategy. This outlines two approaches to reducing online payments fraud loss: risk-based authentication and/or deploying SCA.
Understanding the new AusPayNet framework
Both issuers and merchants are – understandably – asking themselves how they can work within the new AusPayNet framework, while also ensuring they deliver a positive customer experience and engender customer loyalty. To understand their challenge, it’s worth considering what SCA and risk-based authentication are, and how they might best be combined to achieve these desired goals.
SCA is essentially two-factor authentication. The SCA check requires authentication using two of the following three factors:
- Something the customer has, e.g., a card, token or phone
- Something the customer knows, e.g., a PIN or password
- Something the customer is, e.g., biometrics – fingerprint or face recognition
Under Australia’s CNP Fraud Mitigation Framework, SCA does not have to be used for all online payment transactions; it is only universally applicable to those issuers and merchants whose fraud numbers exceed certain levels each quarter. It is under these conditions that friction could occur, as customers will be required to provide two-factor authentication at the point of checkout, which may lead them to abandon their online transactions.
Risk-based authentication essentially involves analyzing various parameters relating to each transaction and buyer against a large dataset of similar transactions – determining whether or not further authentication is necessary. Such parameters include:
- Transaction value
- Buyer's transaction history
- Whether the buyer is a new or returning customer
- Information about the buyer's location
Risk-based authentication has the potential to ensure a streamlined customer journey with fewer friction points, while still minimizing fraud.
Given the respective strengths of SCA and risk-based authentication, the best way to optimize the online customer experience, while remaining below the CNP Fraud Mitigation Framework thresholds, is to combine them. This approach is especially advantageous if a best-in-class, risk-based authentication solution is available.
Optimizing risk-based authentication performance
What defines a best-in-class, risk-based authentication solution? One key component is a very large database of transaction samples, drawn from across multiple business sectors (sometimes referred to as “consortium data”). To stay abreast of the latest fraud techniques, this database should also be updated in near real time. A further advantage of a very large database of this type is that it is ideally suited for machine learning (ML) techniques. The challenges faced in fighting CNP fraud make it a space where ML presents abundant opportunity.
In practice, best-in-class, risk-based authentication will probably apply a multi-dimensional approach when analyzing data, incorporating ML, complex rules, shared consortium data and customer profiling. Assuming that data is sufficiently rich (i.e., includes multiple data points for each transaction, buyer and seller, as well as broad-based comparative samples across multiple business sectors), risk-based authentication will be able to provide a low-friction eCommerce experience, while simultaneously minimizing CNP fraud.
However, risk-based authentication cannot be optimized with just a generic solution; it must also be customizable so that merchants can tailor it to the specific needs of their organization. A key part of achieving this is if a risk-based authentication solution gives users convenient access to their own historic transaction and benchmark data (either online or by download) for analysis. Doing this in collaboration with a solution provider's in-house fraud analysts allows for the best possible fine-tuning of risk-based authentication.
Best of both worlds for holistic fraud prevention strategy
In short, for those merchants and acquirers anxiously eyeing the fraud thresholds in AusPayNet's CNP Fraud Mitigation Framework, risk-based authentication coupled with automated SCA (where risk-justified), offers a painless and solid means of compliance. The obvious advantage of this holistic approach is one of the reasons why ACI has put it at the core of its own solution; making it possible for users to optimize customer experience, minimize their risk and maximize profitability.
Contact us to talk further about AusPayNet's CNP Fraud Mitigation Framework in Australia, or find out more about ACI’s UP Payments Risk Management solution for Merchants.
Related Blog Posts
Platform Driven Payments Can Drive Improved Profitability for Fuel and Convenience Store Merchants
Those of us who drive often don’t think too much about refueling our cars unless or until our tanks are nearing empty. And as long as the price is acceptable and the transaction efficient, a quick, convenient fill up is all we need.
The Nordics’ P27 Initiative: Payments in Uncharted Waters
The advance of real-time payments around the world seems unstoppable, with 45 schemes currently live and a further 13 (at the time of writing) in the planning stages. In Europe, the Nordics’ P27 initiative – the world’s first integrated multi-country, multi-currency, real-time payments platform spanning Denmark, Finland, Sweden and Norway – promises to make headlines as it takes payments into uncharted waters.
How Southeast Asia’s Banks Can Remain Competitive and Profitable in a Real-Time World
Cross-border payments across Southeast Asia are shifting as market dynamics, increased competition and increasingly demanding customers drive rapid change. As payment systems are modernized and the market evolves, banks and governments must stay on top of these trends.
The Benefits of Open Banking for LATAM
Thanks to customer demand and regulations on how customer data can be gathered and used, open banking has seen rapid growth throughout the world. The EU and U.K. have been leading forces in the implementation of open banking, while countries such as Canada, New Zealand, Hong Kong and Japan have been quick adopters.
Only One-Third of Major Fuel Merchants Have Fully Implemented EMV and 20 Percent are Still in the Planning Stage
Earlier this year, we blogged about the issue of EMV implementation in the U.S. fuel sector and the fraud issues fuel merchants can expect to see if they’re not ready by the extended April 2021 deadline.
Omni-Commerce Is Heating Up the Merchant Token Revolution
Merchants around the world have embraced the wisdom of keeping sensitive customer data (such as card numbers) out of their own environments, with tokens emerging as the tool of choice to bridge the gap. Merchant functions — including reservations, returns, reporting, rewards, research, reconciliation and more — have typically required access to sensitive data, but a series of high-profile breaches has highlighted the need to store card numbers in tightly secured safe harbors.
Brazil’s Digital Payments Transformation: Five Key Takeaways
Brazil has abundant growth opportunity when it comes to digital payments, with PIX – the Central Bank of Brazil’s new instant payments system – expected to have a significant impact. This was evident during a recent webinar Digital Transformation into Payments, hosted by Mercado & Consumo em Alerta and featuring experts from Getnet, Pernambucanas, Conductor and ACI.
Southeast Asia’s Domestic Payments Infrastructure Has Laid the Foundation for a Cross-Border Real-Time Network
Over the past decade, economies across Asia have been on the path to payments modernization, upgrading and replacing domestic payments infrastructure to make payments cheaper, faster and better. While the focus has been on domestic gains, this has set the foundation for a broader, cross-border real-time network – especially in Southeast Asia.
Could the Right Use Case Push the U.S. Over the Edge of Real-Time Payments Adoption?
New York City, while a world leader in countless ways, has only just made it possible to access the subway with contactless technology. Something a commuter in London, for example, has taken for granted for many years. While America’s tech companies, manufacturers and retailers have been constantly modernizing, the country’s payment methods and habits lag behind much of the rest of the world.
Are Alternative Payment Methods the Future of Fuel and C-Store Payments?
Card payments are still king in many sectors, including fuel and convenience, where according to Mercator Advisory Group, 57 percent of U.S. drivers currently use a credit or debit card to pay. However, the rising adoption and associated benefits of mobile and other alternative payment methods (APMs) in many other sectors have put the topic of APMs on the radars of fuel merchants.