Local banks lack credit card fraud prevention mechanisms:

Fraudster-proof system in need

Time to develop 3-D secure internet payments:

Viraj MUDALIGE
Member, Panel of Experts, Electronic Payment Policy and Detection of Frauds

Over the past few decades internet commerce or e-commerce has recorded a significant growth as a convenient way of buying and selling goods and services over the Internet.

Secure internet payment system is needed to protect the global e-commerce image of Sri Lanka

Innovations in Information Communications Technology (ICT) and the advancement of the Internet have changed business models and competitive landscapes of many industries across the globe.

Interestingly, the popularity of e-commerce is not restricted to the developed world. Statistics reveal sustained growth of e-commerce in emerging economies as well; for an example, China recorded US$ 36.6 Billion in internet commerce transactions in 2009.

Consumers engaged in e-commerce use their Credit Cards to make payments to e-commerce merchants, in order to purchase goods and services. This type of payments are known as ‘Card Not Present (CNP)’ transactions in the industry. Unfortunately CNP transactions have inherent security vulnerabilities due to the remote nature of the online transactions.

The main threat exists in the verification of the identity of the consumer as the legitimate and authorised cardholder. In Card Present transactions, a physical Credit Card must be produced by the consumer to the retailer for payment. The merchant has the opportunity to inspect the physical card for security features and consumer must either provide signature on sales draft or enter PIN for identity verification.

However, in the case of CNP transactions, there is no mechanism to verify cardholder identity as the consumer is only required to input credit card details to make a payment.

The exponential growth in the e-commerce industry makes it mandatory to address the threats and vulnerabilities.

At present 70 percent of all fraudulent credit card transactions originate from CNP transactions, incurring substantial costs to the industry and threatening the public confidence in using their Credit Card for online transactions.

This article focuses on how consumers and merchants can harness the opportunities offered by E-commerce industry and how the local Banks and Financial Institutions should facilitate secure internet commerce transactions to ensure profitability and growth of the industry.

Opportunities for e - commerce in Sri Lanka

Having ended 30 years of conflict, Sri Lanka is undoubtedly on a fast development trajectory with a booming economy. In this era where globalization has become a central topic, e-commerce plays a vital role as markets and economies are getting more and more integrated. Therefore, Sri Lanka must exploit the vast potential of e-commerce to realize its economic growth.

Local entrepreneurs and merchants have the opportunity to attract new buyers and expand their reach across geographical boundaries via internet. Similarly, overseas consumers have the opportunity to purchase locally produced goods and services from local merchants.

The tourism industry shows enormous potential for growth and the key stakeholders are keen in expanding facilities and enhancing quality standards to ensure sustainability in terms of profits and growth.

This is an industry which can harness the benefits of internet and e-commerce to reach out the world to attract more and more tourists.

Foreigners from different parts of the globe can make travel arrangements, reserve hotels and facilities where online payments using Credit Cards can facilitate everybody.

As the country is expecting a two fold growth in the per capita income over the next couple of year’s local consumers too would be benefitted from e-commerce where they can look for the best sources of supplies over the internet and make on-line payments to conclude transactions conveniently.

Connecting local exporters to global markets

In order to support the nation’s export oriented growth, small time manufacturers and exporter are also invited and encouraged to join the mainstream. A solid technological infrastructure is a pre-requisite for the new comers to become attractive exporters.

Local businesses entities must be provided with compatible technology platforms to engage in cross border transactions, where payment over the internet is the preferred means for the majority.

Otherwise local exporters will look less attractive to overseas purchasers, who may choose alternatives with superior technological infrastructure.

Readers who examine the country business models would endorse the importance of facilitating this segment of exporters in diverse industry sectors where one to one type sales have more potential for a country like ours as mass supplies are dominated by China and India making competition an uphill battle for others.

Challenges facing local Payment Card industry

With the existing payment gateway infrastructure, local financial institutions and Banks are lacking the capability to prevent unauthorised transactions and associated frauds.

They lack the fraud prevention mechanisms necessary to filter transactions and stop suspicious transactions. Furthermore, most of the Internet Payment Gateways in deployment at local banks cannot facilitate Payer Authentication, which verifies consumer as the legitimate cardholder, prior to processing transactions for authorization.

Timely action is required to correct this situation as e-commerce is expanding faster than conventional transactions. Increasing vulnerabilities further justify urgent corrective measures.

Protecting the global image of our country

Declining the Credit Card of a foreigner carrying a credit card issued in his or her country, when attempting to make a payment to a Sri Lankan entity via a local acquires, obviously raises many issues, in addition to inconvenience caused to the cardholder.

It also affects the image of our country as we may lose potential visitors and income. Any foreigner who is now in Sri Lanka, including the players and the fans of the ongoing ICC Cricket World Cup 2011 would endorse the difficulties they have experienced when attempting to make an e-commerce payment as local acquires gateways do not comply with international standards resulting immediate decline of transactions by card issuer, despite the availability of credit and the social standing of the card holder.

Imagine where we stand when a foreigner staying in Colombo wanting to reserve a hotel in Kandy or Hambantota via internet fails to do so due to non compatibility of our payment infrastructure with global standards!

Unnecessary burden on Law Enforcement Agencies

Non compliance with best practices and global standards also results in increasing number of crimes and frauds reported. Being not pro-active naturally make law enforcement agencies to be re-active in a digitally connected world where more and more people are engaged in cross border travelling and business. Sri Lanka cannot be isolated from the flat world. On the other hand, we must not allow the country to be cited forever as a hub for cyber crimes in international watch lists.

The amount of resources to be deployed by state agencies in carrying out post event investigations is substantial. Moreover, it disturbs the core services to be provided by such authorities. The Army Commander recently stated that the country should be ready to combat the next war citing increasing cyber crimes globally. Those who have to be pro-active, now is the high time.

Steps taken by Payment Industry

The global payment card industry has jointly developed 3 - D Secure, to facilitate payer authentication for e-commerce transactions. 3 - D Secure provides an additional layer of security for both cardholder as well as merchants with the addition of an authentication step to the transaction lifecycle.

Prior to request for a transaction authorization, the acquiring bank through card association contacts card issuing bank asking them to carry out cardholder authentication. To be continued