Friday, May 6, 2011

Online Payments Security Part. II


The strong authentication devices: 3D Secure e-Card ...

Thus, in order to identify the owners of cards, but also and especially to strengthen the security of online payments, some banks have introduced single-use maps (such as e-Carte Bleue) from 2002. Electronic clone a credit card, they provide a single use code generated by the user on the site of his bank card from her real. Once payment is made with this code, it is no longer usable for any other purchases. But this type of solution prolongs the act of buying and makes it less suitable for repeated payments of small amounts (news article, listening to the unit ...). It also represents a considerable cost both to the bank and for the user, and has been poorly received by the public.

Therefore, some banks have decided to implement the system in 2008 "3D Secure". Any buyer must take on a secure page on the bank a secret code known only to him, as well as authenticating the cardholder. The debate remains about the nature of this code. Used to launch 3DS, date of birth as the user PIN is gradually put aside in favor of an SMS sent by the bank, the most popular solution among Internet users, or a code transmitted by a "token “.  It remains to weigh the cost of these solutions, which can range from 0.5 to over 10 € per cardholder per year.

Unfortunately, this system proved to be confusing in practice much more than expected to the Internet. Very little communication was made to holders of cards, whether through banks or online shopping sites, most buyers were confused and even frightened at the appearance of a separate page asking them for such as their date of birth, and that at the most critical of the act of purchase: payment. Many of them have therefore preferred to abandon their purchases for fear of attempted fraud or phishing ... Consequently; a large number of sites selling online immediately contacted their banks to exit the 3D Secure system, after finding a reduction in sales volume up to 20%.

The challenge is therefore to secure adequate payments to deter fraudsters, without complicating the process of payment and impacting end of the chain volume of sales.