The UK government’s Home Office is taking another serious look at cyber crime with the aim of stamping it out with text message verification or random CVV solutions being proposed.. Criminals who commit large numbers of relatively small financial crimes are largely ignore as banks simply refund their customers and this is what the government wants to prevent. This type of low value high volume crime could be costing Britain as much as £10 billion per year.
The problem is that online retailers have spent years optimising their checkouts and reducing friction to reduce abandoned cards at checkout. Anything that adds friction to the checkout process can’t be something that online retail as a whole will welcome, especially as currently the banks largely foot the bill for online fraud.
Text message verification
One proposal that the Home Office is seriously considering is to make online shoppers wait for a text message before they complete an online purchase. This two step verification is common place for some services but would be a serious bottleneck for online shopping – if you’ve not got your mobile phone handy or you are one of the millions who live in a location with a poor mobile phone signal then the text message could take hours to arrive.
Of course technology could assist to ease some of the friction a two step verification process would inflict. Mobile in-app purchases are already capable of reading an incoming text message verification and automatically verifying users on mobiles with no intervention needed by the user. That can’t happen on a desktop though and not all purchases are made through apps.
Rotating CVV numbers
A second proposal by the government is for debit and credit card CVV numbers to change on an hourly basis. The idea of this initiative would be to ensure a criminal couldn’t copy your card details and use them for an online transaction at a later date. Effectively CVVs would become random three digit codes meaning an online purchase would be more akin to a card present transaction – if the online buyer didn’t have the card number with them at the time of purchase then the transaction couldn’t be completed.
Home Secretary Amber Rudd told the Commons Select Committee that she is excited by plans and that the proposal could reduce the number of crimes by one million.
Which solution is best?
Personally as a shopper and from the perspective of an online retailer I don’t like either of these solutions. They’re merely shifting the onus of security onto the consumer and waiting for a text message verification before I complete a three pound fifty purchase is just going to be annoying. Equally, for those purchases where a card is used as a funding source for third party payment providers such as PayPal would need a robust solution put in place before a random CVV solution was implemented.
We definitely need better credit and debit card security for online payments. Slowing down the checkout process isn’t necessarily the best solution.
9 Responses
I agree that keeping the checkout as smooth as possible is important but I think there’s a lot of website checkouts that could make basic improvements before worrying about an expected delay of seconds waiting for a PIN code. Also, if 50% of ecommerce is mobile and growing then the PIN will arrive where its needed. I would suspect 95% of people keep their mobile to hand during waking hours. It may just require getting used to expecting a PIN. That said, there goes one-click to buy!
Banks bear the burden of fraudulent transactions – is this always true?
“currently the banks largely foot the bill for online fraud.”
HOG WASH
the bank may refund but its the retailer that takes the hit
Credit card frauds not perculiar to the UK
So what’s the rest of the worlds answer to card fraud
Yep finger amputations and eye gouging for prints and retinas will be on the up