Unlike in the United States, the issue of payment security in Europe concerns relatively few in-store purchases. Since the EMV standard is widely used, attacks by fraudsters on the Old Continent are more focused on internet transactions, which do not need the card to be present. Three elements are currently needed to confirm an online payment: the card number and its expiry date from the front of the card and the three-digit number on the back. These three static elements are easy to hack since they are visible on the card. Hackers have been quick to take advantage of this loophole and a parallel market of bank data has sprung up on Darknet.
Meanwhile the e-commerce sector is exploding, with double-digit annual growth and turnover in Europe set to reach 426 billion euros in 2014 (+17.3% compared with 363 billion euros in 2013, according to the association e-commerce Europe, gathering 25 000 european actors).
Securing the future of e-commerce
If fraud continues to increase at this pace, consumers risk shying away from internet purchases, hampering the sector’s growth. When placing online orders, 96% of French consumers fear having their data stolen according to a survey conducted for the e-money institute. The reliability of online payment systems is therefore central and solutions have appeared to combat fraud, such as 3D Secure, which involves a code being sent to the consumer by SMS to validate the transaction. A fairly effective solution in itself, but one which has its limitations, since customers are unable to pay if they have forgotten their phone, the battery has run out, or they are travelling abroad, risk of fraud in the event of theft of the bank card and phone, necessity of having a phone to pay online, etc. For retailers, meanwhile, all these obstacles can lead to a high level of basket abandonment.
To ensure the successful growth of online commerce, e-payment players are therefore working on solutions presenting a high perceived level of security, but which are simple to put in place and use.
Solutions being worked on include OT’s development of a card incorporating a mini-screen on the back displaying an automatically generated three-digit code for confirming online purchases. When data is stolen by fraudsters, it is used on average between 10 and 30 days after the theft, but with the dCVV Code card, this data soon becomes obsolete. Based on a cycle defined by the issuer, the code on the screen changes every hour, for example.
As Eric Duforest, Managing Director of OT’s Payment Business Unit, explains, “The beauty of this OT dCVV card is that it is both a “smooth evolution” and a great “technology game changer”. First, a smooth evolution as it does not change end users experience, which is key for fast adoption. It has no impact on merchants’ infrastructure, which is key for their acceptation. Finally, it is easy to deploy for banks with no complex ecosystem to build. Second, it is a great “technology game changer” as it brings a real answer to the market need by drastically increasing the security of on line payment, which is key for the banks reputations. It capitalizes on the great reputation of smart cards regarding security but with inserting electronics in it, which is a technology challenge that OT masters. OT is heavily investing for this technology to become a mass product, massively adopted and delivered by millions across the globe.”
The dCVV card is the best hope for combatting fraud. Having been tested by several banks, the card will be offered to consumers during the course of this year.