Credit card transactions are essential for online purchasing. However, users are repeatedly made uneasy by reports of attempted fraud, password theft, phishing and much more. Fraud on the Internet is a daily topic, and rightly so. Online criminals are increasingly using social engineering methods to access the confidential data of users. The August 2012 issue of Computerworld Switzerland quoted from the results of a global survey by Kaspersky Labs: "Approximately half of the survey participants stated that they had received at least one suspect e-mail from a social network or in their e-mail inbox. Nearly 30 percent of these were supposedly sent by a bank and requested the recipient to provide confidential information. Con artists are also targeting users of smartphones and tablets more and more. According to the survey, 24 percent of tablet users and 18 percent of smartphone users have already received a message with suspect content."
For credit card issuers, this makes it essential to secure online transactions so that potential phishing attacks are rendered ineffective. In Switzerland, for example, there are over three million cards in use and the online transaction volume was about 3 billion Swiss francs in 2012, with a rising trend. To reduce losses from fraud, card issuers and banks must upgrade their security facilities. In this regard, the 3-D Secure standard stands for enhanced security, mainly known under the names "Verified by Visa", "MasterCard Secure Code" or "American Express SafeKey" seen in online shops.
American Express Joins the Group
The Swiss company Viseca Card Services started using Netcetera's 3-D Secure hosted service in 2003. Other renowned card issuers, such as Swisscard, PayLife Bank in Austria and Cetrel in Luxembourg, followed suit. Netcetera also supported the UBS Card Center with project management and technical advice for the introduction of 3-D Secure. American Express opted for Netcetera's 3-D Secure hosted service in 2012. The Swiss software company therefore ensures secure online transactions for the market leaders in the credit card business in Switzerland, Austria and Luxembourg.
3-D Secure – Triple Security
The 3-D Secure standard for online card transactions provides superior fraud protection for online payments. The customer first enters their credit card number. Then a link to the card issuer is established to allow the customer to confirm their identity using a code. If the authentication is successful, the credit card payment is executed. Consistent use of 3-D Secure drastically reduces the card issuer's liability costs and write-offs for fraud. Merchants who use 3-D Secure are exempt from liability in case of fraud and benefit from lower fee rates.
Netcetera operates a client-capable 3-D Secure service in their own data centers. The hosting fulfills the most stringent security requirements of Visa, MasterCard and American Express, including complex data encryption and restrictive access to the 3-D Secure servers. Netcetera has also passed the Payment Card Industry (PCI) audit. The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations for payment transactions. It is endorsed by all major credit card organizations, and it governs the handling of card transactions according to defined criteria and processes. Merchant firms and service providers that store, convey or process credit card transactions must conform to these standards and regulations.
3-D Secure Merchant Plug-In – Licensed Security
In order to process online payments in accordance with 3-D Secure, merchants must use a merchant plug-in (MPI). They have the choice of operating a suitable MPI themselves or integrating it as a service. Netcetera's 3-D Secure MPI, available starting spring 2013, supports the first option. This is Netcetera's contribution to ensuring the security of online payments. The MPI includes modern web services for cardholder verification and authentication. As an integrated part of the purchasing process, the MPI authenticates and verifies the cardholder according to the "Verified by Visa" or "MasterCard SecureCode" standard. Merchants benefit from the transfer of liability to the card issuer, thereby reducing their risk for non-authorized transactions and the resulting reimbursements and lost revenue. 3-D Secure offers merchants a wide range of options. For example, the merchant plug-in can be licensed and operated onsite on the merchant's own infrastructure. Alternatively, the product architecture enables centralized operation for several merchants via a payment service provider or a bank.