Since the inception of the World Wide Web, online retailers have been struggling in a continuous war against card-not-present (CNP) payment fraud. In accordance with card industry rules and guidelines, when the fraudulent purchases are disputed, the retailers almost always end up holding the bag.
Organizations spanning the payment ecosystem have attempted to help online retailers identify fraudulent transactions through the deployment of various technologies. One of the more effective technologies has been the use of multifactor authentication (MFA). Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving multifactor authentication to help retailers reduce the risk of online fraudulent purchases.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released draft practice guide NIST Special Publication 1800-17, Multifactor Authentication for E-Commerce.
The guide explores several risk-based scenarios that use MFA to increase assurance of purchaser identity and reduce fraudulent online purchases. Both standards and best practices were used to develop two reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
Online retailers benefit from this by having less fraud and declining fewer good transactions. Machine-driven decisions translate to less time and effort needed by personnel to analyze transactions, which equates to significant operational savings. It also means online (Read more...)
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Michael O'Connor. Read the original post at: http://www.rsa.com/en-us/blog/2018-08/rsa-and-nist-partner-to-reduce-ecommerce-fraud-risk.html