Strong Customer Authentication in Australia: Reducing CNP Fraud and Streamlining eCommerce Payments
Minimizing fraud without harming the customer experience can be done – using the right tools
In 2017-18, card-not-present (CNP) fraud cost Australian eCommerce AUD $478 million and accounted for some 85 percent of all fraud on Australian-issued cards1. In 2016, CNP fraud in Europe represented 70% of all card fraud2. Seriously uncomfortable numbers.
In Europe, the 2016 figures triggered the introduction and mandating of strong customer authentication (SCA) under PSD2. SCA is a security measure that helps reduce fraud and makes online payments more secure by adding an additional layer of authentication.
In Australia, things are also starting to move, with the introduction of AusPayNet's CNP Fraud Mitigation Framework strategy. This outlines two approaches to reducing online payments fraud loss: risk-based authentication and/or deploying SCA.
Understanding the new AusPayNet framework
Both issuers and merchants are – understandably – asking themselves how they can work within the new AusPayNet framework, while also ensuring they deliver a positive customer experience and engender customer loyalty. To understand their challenge, it’s worth considering what SCA and risk-based authentication are, and how they might best be combined to achieve these desired goals.
SCA is essentially two-factor authentication. The SCA check requires authentication using two of the following three factors:
- Something the customer has, e.g., a card, token or phone
- Something the customer knows, e.g., a PIN or password
- Something the customer is, e.g., biometrics – fingerprint or face recognition
Under Australia’s CNP Fraud Mitigation Framework, SCA does not have to be used for all online payment transactions; it is only universally applicable to those issuers and merchants whose fraud numbers exceed certain levels each quarter. It is under these conditions that friction could occur, as customers will be required to provide two-factor authentication at the point of checkout, which may lead them to abandon their online transactions.
Risk-based authentication essentially involves analyzing various parameters relating to each transaction and buyer against a large dataset of similar transactions – determining whether or not further authentication is necessary. Such parameters include:
- Transaction value
- Buyer's transaction history
- Whether the buyer is a new or returning customer
- Information about the buyer's location
Risk-based authentication has the potential to ensure a streamlined customer journey with fewer friction points, while still minimizing fraud.
Given the respective strengths of SCA and risk-based authentication, the best way to optimize the online customer experience, while remaining below the CNP Fraud Mitigation Framework thresholds, is to combine them. This approach is especially advantageous if a best-in-class, risk-based authentication solution is available.
Optimizing risk-based authentication performance
What defines a best-in-class, risk-based authentication solution? One key component is a very large database of transaction samples, drawn from across multiple business sectors (sometimes referred to as “consortium data”). To stay abreast of the latest fraud techniques, this database should also be updated in near real time. A further advantage of a very large database of this type is that it is ideally suited for machine learning (ML) techniques. The challenges faced in fighting CNP fraud make it a space where ML presents abundant opportunity.
In practice, best-in-class, risk-based authentication will probably apply a multi-dimensional approach when analyzing data, incorporating ML, complex rules, shared consortium data and customer profiling. Assuming that data is sufficiently rich (i.e., includes multiple data points for each transaction, buyer and seller, as well as broad-based comparative samples across multiple business sectors), risk-based authentication will be able to provide a low-friction eCommerce experience, while simultaneously minimizing CNP fraud.
However, risk-based authentication cannot be optimized with just a generic solution; it must also be customizable so that merchants can tailor it to the specific needs of their organization. A key part of achieving this is if a risk-based authentication solution gives users convenient access to their own historic transaction and benchmark data (either online or by download) for analysis. Doing this in collaboration with a solution provider's in-house fraud analysts allows for the best possible fine-tuning of risk-based authentication.
Best of both worlds for holistic fraud prevention strategy
In short, for those merchants and acquirers anxiously eyeing the fraud thresholds in AusPayNet's CNP Fraud Mitigation Framework, risk-based authentication coupled with automated SCA (where risk-justified), offers a painless and solid means of compliance. The obvious advantage of this holistic approach is one of the reasons why ACI has put it at the core of its own solution; making it possible for users to optimize customer experience, minimize their risk and maximize profitability.
Contact us to talk further about AusPayNet's CNP Fraud Mitigation Framework in Australia, or find out more about ACI’s UP Payments Risk Management solution for Merchants.
Related Blog Posts
Positioning PSPs for Success in 2020: Scalability, Flexibility and Globality
We used to say that NFRs (non-functional requirements) such as scalability and availability didn’t really make for attention-grabbing headlines, but in fact, 2019 has shown us that these NFRs are often not far away from the biggest stories. A major outage or downtime – be it for bank or merchant – makes headlines in its own right, but we’re increasingly seeing a clear link between NFRs and a company’s growth trajectory. Those companies that are generating positive awareness from their ambitious global expansion plans, innovative customer experiences, or unique approach to fighting fraud – they are achieving this off the back of technology solutions that deliver world-class non-functional requirements. Scalability, flexibility and globality underpin these growth stories – and this message comes out clearly in speaking with some of our leading payment service providers (PSPs), which are supporting the growth of thousands of merchants around the world.
What Will 2020 Bring for Payments in Latin America?
2019 was yet another year of payments disruption throughout the LATAM region. Thanks in large part to the proliferation of fintechs, Latin American banks and processors have been under immense pressure to modernize their offerings, while also gaining the agility to quickly bring new products to market.
Request for Payment and Other Real-Time Payments Trends That Will Shape 2020
In 2020, the conversation around real-time payments will increasingly be about what banks can do with real-time, as they move beyond setting up to support real-time payments schemes. New use cases will emerge – but there are a few main trends that are likely to shape the direction of real-time in the year ahead.
2020: The Year of (Near) Cashless Transactions?
Happy belated New Year and raise your hand if you make and/or follow New Year’s resolutions. I used to and then realized they were exercises in futility. But, over this past holiday, I thought I’d give the resolution game one more shot. This one was more a realistic goal than it was a resolution, but who can really tell the difference anyway!?! I decided to go cashless over the holidays, which can still be somewhat challenging for many in the US (though my friends in other countries are probably ridiculing me right now). I was traveling (to NYC and Florida) and wanted to pack as little as possible (in both my luggage and my wallet). I’m all about loyalty card points these days, hence the 2 back-to-back trips.
Three Merchant Payment Trends to Watch in 2020
In 2019, merchants everywhere were challenged by pressure from new entrants, the continued breakdown of traditional industry boundaries and growing customer preference for a digitally-led or digitally-influenced purchasing experience.
Learn How to Claim a Greater Slice of the Mobile Payments Pie
U.S. Wireless Players: $14.3B is at stake – are you in?
Mobile commerce is thriving as consumers seek out convenient, quick and secure shopping experiences. And transaction growth on mobile devices is outpacing traditional desktop and in-store channels, aided by click and collect and one-click purchasing trends. For U.S. telcos, the message is clear: proactively add value to the payments process, or risk missing out on increasing your portion of the growing mobile payments market.
How to Survive Black Friday and Cyber Monday… and Provide a Great Consumer Experience
As Black Friday and Cyber Monday approach, shoppers and merchants alike await amazing deals and a welcome boost in sales, respectively. I took a moment to speak with two of ACI’s merchant payments and fraud experts, Andrew Marshman (merchant payments lead, Europe) and Erika Dietrich (VP, Global Fraud Prevention Risk Services) about what merchants need to know as they head forth into one of the biggest shopping seasons of the year.
The Invisibility Cloak of Payments: What Are the Consequences?
If you could pick any superpower, what would you pick? Children often pick "invisibility.” Oh, the possibilities of being invisible! What fun! You can walk into a candy store and take all the candy you want, you can stay downstairs late with your parents and listen to what they’re saying, you can sneak out without anybody noticing… But when you think about it, there are also disadvantages that come with this superpower.
Looking Back at Money20/20 USA: Where Do We Go From Here?
Now that the dust has settled on another successful Money20/20 USA in Las Vegas, it allows for a moment of reflection on what some of the announcements and trends mean for the ever-changing financial industry. Discussions spanned a variety of topics, including the future of international and digital expansion of PSPs, how organizations developing cryptocurrency wallets plan to enter the payments space, and how challenger banks plan to revolutionize the banking experience. Inclusivity was a recurring theme throughout – and nowhere was this more evident than in the Rise Up program.