In a bid to protect UK businesses and consumers from fraud, UK shoppers will now face more identity checks when spending online. Placed in action from yesterday, consumers will have to authenticate their purchase with three factors: something you know (e.g. PIN), something you are (e.g. biometrics) and something you have (e.g. mobile device).
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Action against growing online fraud is vital, with figures from the National Fraud Intelligence Bureau (NFIB) showing that UK residents and businesses experienced financial losses of £2.5bn from fraud and cyber-crime over the past year.
In response, yesterday saw the launch of Strong Customer Authentication (SCA) requirements, which have been coined as the biggest change to payments since chip and pin was introduced over 15 years ago. The new standard requires businesses to choose from two of three factors to identify customers – something you know (e.g. PIN), something you are (e.g. biometrics) and something you have (e.g. mobile device).
There’s no denying that the new measures will fundamentally change the way we shop, and we expect to see a huge increase in One Time Passwords (OTPs) being sent as a result. But protection doesn’t have to come at the cost of convenience. Security should be synonymous with customer experience and trust, which is why using a person’s mobile device for verification within the SCA requirements should be a consideration.
When customers are transacting via a mobile device, Silent Mobile Verification can be used by retailers to match a shopper’s phone number with the mobile network operator’s data silently in the background. This seamless process requires no additional effort from end users – it simply connects the retailer with the operator to check that a person’s number is correct without breaking the customer experience and further preventing the risk of social engineering and manipulation from fraudsters.
Overcoming online fraud necessitates watertight verification checks and detection – and with telco co-ordination, verification for mobile identity can occur without disruption.