Card not present transactions remain a challenge for the global payment industry

Increasing demand for consumers to perform payments without their physical cards, such as online payments, poses a challenge for the global payment industry on how to facilitate this demand while at the same time managing risk in the card not present (CNP) payment sector.

The latest figures published in July 2012 by payments industry self-regulatory body the Australian Payments Clearing Association (APCA) revealed scheme debit, credit, and charge card fraud increased in 2011, predominantly driven by CNP transactions. The sector experienced an increase in fraudulent transactions from A$0.672 to A$0.960 in every A$1,000 transacted. Overall, CNP fraud accounts for 71% of fraud value on Australian-issued scheme debit, credit, and charge cards. While there is huge potential for growth, CNP transactions also represent an extra risk for the card industry to address.

Credit and debit cards were designed for face-to-face transactions, so in order to cope with consumer demand to pay over the Internet the industry faces a number of challenges.

3-D Secure, a two-factor authentication process that involves using more than one form of identification for security purposes, was one of the initiatives introduced to improve card security when making online payments, by adding a layer of security for online card transactions. It was initially launched as an opt-in feature for consumers; however, recently many issuers have made it mandatory, with card holders needing to enroll after three online purchases. Since launching, 3-D Secure has proved an effective weapon in lowering incidences of fraud.

However, the technology remains flawed. Firstly, there are inconsistencies in that some merchants may opt-in or opt-out from this extra layer of security. This means that consumers only need to use their passwords if merchants opt-in, and thus it cannot provide universal coverage. Perhaps more critically, the consumer interface is widely acknowledged to be clunky, and many consumers are (rightly) suspicious of any piece of software that asks them to enter bank details. In addition, the risk of abandoned shopping baskets and problems with fraudulent transactions being verified by 3-D Secure have led some merchants to rethink their use of the tool.

Merchants will always need a method of security that allows for secure payments without being so burdensome it drives potential business away. This leads to questions as to how credit cards will fit in the future of online payments.

While the card industry has focused on improving security through two-factor authentication, the emergence of digital wallets represents a threat to the dominance of the traditional plastic cards industry in the online payments sector. With digital wallets, personal details such as credit card details are not shared when making payments to a third party, making it less vulnerable from a fraud perspective.

The growth of the digital wallet will prompt the biggest shift in the online payment landscape, as it will be at the top of consumer options for online payments, and potentially also for physical retail purchases. This will not happen in the short term, however, and even in the medium term payment cards will remain the primary funding source for digital wallets. The good news for card issuers is that they will continue to earn interchange fee income across their portfolios. However, the dangerous element is disintermediation; without further innovation around the card product, or in card-based digital wallets, it will be non-bank digital wallet providers that ultimately hold the payment interface and top of mind relationship with consumers.

A spike in CNP-related fraudulent transactions in Australia serves as a warning for both schemes and card issuers to revisit their expansion growth in the online payment sector.


For more information about this topic please read the Datamonitor report Online Payments: Cards Not Present? (February 2012, CM00139-004), or contact Harry Senlitonga at hsenlitonga@datamonitor.com.