Risk-based Authentication

PSD2 – Can your transaction risk analysis and strong customer authentication comply?

February 23, 2017 the European Banking Authority (EBA) released the Final Report of the Draft Regulatory Technical Standards on Strong Customer Authentication and Common Secure Communication for the Payment Services Directive 2 (PSD2). This final report heralded a welcome change in the EBA’s position on the exemption to Strong Customer Authentication (SCA) based on transaction…

R-Evolution: The Evolution of Risk

Ten years ago, when a user needed to access a corporate application, his or her usage was on a company-owned device and typically confined to company-owned networks. These applications were nicely tucked behind corporate firewalls, and managed by dedicated IT organizations. To identify themselves, users would often enter complex, lengthy passwords when accessing such resources,…

3D Secure 2.0 – The New Sheriff in Town

EMVCo, the global standards body tasked with developing the technical standards for payments technologies, last week announced the availability of 3D Secure 2.0. Collectively, we at RSA congratulate EMVCo on this eagerly anticipated release. As an EMVCo Technical Associate, we were privileged to contribute to the development of the specifications and truly believe that the…

Reduce Fraud and Abandonment with a Risk-Based Approach to Online Sales

Sooner or later every business with an online presence is plagued by shopping cart abandonment. Sometimes a consumer changes their mind, factors in the cost of shipping and decides it’s not worth it, or is simply distracted long enough so the transaction is never completed. Getting a consumer to follow through is not as easy,…

Credential Sharking: A New Fraud Comes to Town

Over the past couple of years, I’ve worked on many projects which have been focused on helping companies ‘turn the lights on’ as to what is happening on their website – the good, the bad and everything in-between. One of the most unusual cases I’ve seen involved a payday lender and a mass disclosure of online…

Context-Based, Next-Generation Authentication: Key Traits and Endurance

When analyzing a particular component within a security ecosystem, it is always useful to first take a drone’s-eye view of the system. This strategy can be used to map precisely where within the infrastructure the component may be deployed most efficiently. Where is its mission critical? Where can it profitably replace an alternative? Where will…

Reducing Fraudulent Transactions during the Holiday Shopping Season with Behavioral Analytics

While it may seem a bit early to be addressing the holiday shopping season, the giant nutcrackers are already towering over the pumpkins at the mall so I figured it was fair game. So what can we expect this holiday season? According to a National Retail Federation survey, average spending per person is expected to rise…

Securing eCommerce Transactions without Losing Customers Part 1 – Risk-Based Authentication

Yesterday afternoon I received one of the calls we all dread – my credit card company phoned to ask if my husband had purchased airline tickets within the last five minutes. Alas he wasn’t planning to whisk me away – a fraudster was using his credit card number to book a flight. Within twelve hours…

Understanding human triggers in fraudulent transactions

  Too often, discussions about fraud prevention emphasize the security controls organizations should put in place: risk engines, step-up authentication, biometrics… These are all necessary for a successful fraud prevention program, but we tend to minimize the ‘humans in the loop’ aka the end users. It’s human nature to have biases, and an effective security program should…

Reducing the Risk of Fraud in the 3D Secure Ecosystem – The Issuer Perspective

3D Secure is a boon to online retailers who benefit from the shift in chargeback liability to card issuers. Participation in 3D Secure is almost a no-brainer from the merchant perspective in that sense. What about card issuers though? According to the Nilson report, issuers absorb over 66% of the more than $5 billion a…