When consumers shift payments channels, criminals do, too. We have discussed this point in post after post. We've also written on how the pandemic has had a seismic effect on digital payments during the pandemic. This chart sums up the growth pretty handily.
Even before the pandemic contributed to this spike, criminals had been using purloined payment card credentials and in-store or curbside pickup to take advantage of the growth in digital payments. (In-person pickup allows criminals to quickly put their hands on their ill-gotten gains.) To improve ecommerce security, the industry began developing technical specifications and protocols, and in late 2019, the Mobile Payments Industry Workgroup (MPIW) formed a working group to provide a better understanding of these protocols and specifications. This working group published its findings in an educational white paper
just last month. (The MPIW was facilitated by the Federal Reserve Banks of Boston and Atlanta.)
Among these specifications and protocols the white paper explains is the 3-Domain Secure protocol, released in December 2018, and the initial Secure Remote Commerce specifications, published in June 2019 (both from EMVCo). It also discusses the WebAuthn specification, which came on the scene in March 2019 and was a product of the World Wide Web (W3C) consortium working with the Fast Identity Online (FIDO) Alliance. The white paper identifies the key challenges to adopting these protocols and provides guidance about how they may complement one another to enhance the security of the online and mobile channels.
All these fraud mitigation tools are in their early stages of adoption, with additional development and functionality to come. In the meantime, we hope that the white paper provides you with a solid foundation of knowledge of these new tools and how the industry continues its battle against fraudulent payment activity.
David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed