Local banks lack credit card fraud prevention
mechanisms:
Fraudster-proof system in need
Time to develop 3-D secure internet payments:
Viraj MUDALIGE
Member, Panel of Experts, Electronic Payment Policy and Detection of
Frauds
Over the past few decades internet commerce or e-commerce has
recorded a significant growth as a convenient way of buying and selling
goods and services over the Internet.
|
Secure internet payment system is
needed to protect the global e-commerce image of Sri Lanka |
Innovations in Information Communications Technology (ICT) and the
advancement of the Internet have changed business models and competitive
landscapes of many industries across the globe.
Interestingly, the popularity of e-commerce is not restricted to the
developed world. Statistics reveal sustained growth of e-commerce in
emerging economies as well; for an example, China recorded US$ 36.6
Billion in internet commerce transactions in 2009.
Consumers engaged in e-commerce use their Credit Cards to make
payments to e-commerce merchants, in order to purchase goods and
services. This type of payments are known as ‘Card Not Present (CNP)’
transactions in the industry. Unfortunately CNP transactions have
inherent security vulnerabilities due to the remote nature of the online
transactions.
The main threat exists in the verification of the identity of the
consumer as the legitimate and authorised cardholder. In Card Present
transactions, a physical Credit Card must be produced by the consumer to
the retailer for payment. The merchant has the opportunity to inspect
the physical card for security features and consumer must either provide
signature on sales draft or enter PIN for identity verification.
However, in the case of CNP transactions, there is no mechanism to
verify cardholder identity as the consumer is only required to input
credit card details to make a payment.
The exponential growth in the e-commerce industry makes it mandatory
to address the threats and vulnerabilities.
At present 70 percent of all fraudulent credit card transactions
originate from CNP transactions, incurring substantial costs to the
industry and threatening the public confidence in using their Credit
Card for online transactions.
This article focuses on how consumers and merchants can harness the
opportunities offered by E-commerce industry and how the local Banks and
Financial Institutions should facilitate secure internet commerce
transactions to ensure profitability and growth of the industry.
Opportunities for e - commerce in Sri Lanka
Having ended 30 years of conflict, Sri Lanka is undoubtedly on a fast
development trajectory with a booming economy. In this era where
globalization has become a central topic, e-commerce plays a vital role
as markets and economies are getting more and more integrated.
Therefore, Sri Lanka must exploit the vast potential of e-commerce to
realize its economic growth.
Local entrepreneurs and merchants have the opportunity to attract new
buyers and expand their reach across geographical boundaries via
internet. Similarly, overseas consumers have the opportunity to purchase
locally produced goods and services from local merchants.
The tourism industry shows enormous potential for growth and the key
stakeholders are keen in expanding facilities and enhancing quality
standards to ensure sustainability in terms of profits and growth.
This is an industry which can harness the benefits of internet and
e-commerce to reach out the world to attract more and more tourists.
Foreigners from different parts of the globe can make travel
arrangements, reserve hotels and facilities where online payments using
Credit Cards can facilitate everybody.
As the country is expecting a two fold growth in the per capita
income over the next couple of year’s local consumers too would be
benefitted from e-commerce where they can look for the best sources of
supplies over the internet and make on-line payments to conclude
transactions conveniently.
Connecting local exporters to global markets
In order to support the nation’s export oriented growth, small time
manufacturers and exporter are also invited and encouraged to join the
mainstream. A solid technological infrastructure is a pre-requisite for
the new comers to become attractive exporters.
Local businesses entities must be provided with compatible technology
platforms to engage in cross border transactions, where payment over the
internet is the preferred means for the majority.
Otherwise local exporters will look less attractive to overseas
purchasers, who may choose alternatives with superior technological
infrastructure.
Readers who examine the country business models would endorse the
importance of facilitating this segment of exporters in diverse industry
sectors where one to one type sales have more potential for a country
like ours as mass supplies are dominated by China and India making
competition an uphill battle for others.
Challenges facing local Payment Card industry
With the existing payment gateway infrastructure, local financial
institutions and Banks are lacking the capability to prevent
unauthorised transactions and associated frauds.
They lack the fraud prevention mechanisms necessary to filter
transactions and stop suspicious transactions. Furthermore, most of the
Internet Payment Gateways in deployment at local banks cannot facilitate
Payer Authentication, which verifies consumer as the legitimate
cardholder, prior to processing transactions for authorization.
Timely action is required to correct this situation as e-commerce is
expanding faster than conventional transactions. Increasing
vulnerabilities further justify urgent corrective measures.
Protecting the global image of our country
Declining the Credit Card of a foreigner carrying a credit card
issued in his or her country, when attempting to make a payment to a Sri
Lankan entity via a local acquires, obviously raises many issues, in
addition to inconvenience caused to the cardholder.
It also affects the image of our country as we may lose potential
visitors and income. Any foreigner who is now in Sri Lanka, including
the players and the fans of the ongoing ICC Cricket World Cup 2011 would
endorse the difficulties they have experienced when attempting to make
an e-commerce payment as local acquires gateways do not comply with
international standards resulting immediate decline of transactions by
card issuer, despite the availability of credit and the social standing
of the card holder.
Imagine where we stand when a foreigner staying in Colombo wanting to
reserve a hotel in Kandy or Hambantota via internet fails to do so due
to non compatibility of our payment infrastructure with global
standards!
Unnecessary burden on Law Enforcement Agencies
Non compliance with best practices and global standards also results
in increasing number of crimes and frauds reported. Being not pro-active
naturally make law enforcement agencies to be re-active in a digitally
connected world where more and more people are engaged in cross border
travelling and business. Sri Lanka cannot be isolated from the flat
world. On the other hand, we must not allow the country to be cited
forever as a hub for cyber crimes in international watch lists.
The amount of resources to be deployed by state agencies in carrying
out post event investigations is substantial. Moreover, it disturbs the
core services to be provided by such authorities. The Army Commander
recently stated that the country should be ready to combat the next war
citing increasing cyber crimes globally. Those who have to be
pro-active, now is the high time.
Steps taken by Payment Industry
The global payment card industry has jointly developed 3 - D Secure,
to facilitate payer authentication for e-commerce transactions. 3 - D
Secure provides an additional layer of security for both cardholder as
well as merchants with the addition of an authentication step to the
transaction lifecycle.
Prior to request for a transaction authorization, the acquiring bank
through card association contacts card issuing bank asking them to carry
out cardholder authentication. To be continued
|