Content

Analyst: Credit card firms must do more to fight fraud

MasterCard's recent move to offer financial incentives for companies using its SecureCode payer authentication system is a step in the right direction to fight online card fraud, but still "not enough," Gartner has warned.

The analyst firm stated that but both MasterCard and Visa "must do more" to strengthen the related Payment Card Industry (PCI) program.

Under the terms of MasterCard's plan, retailers are offered rate discounts of up to 16 percent for participating in the SecureCode program, explained Avivah Litan, Gartner vice president of research. Free network vulnerability scanning services for companies that have not yet met the compliance requirements of the PCI security program are also being offered.

"MasterCard quietly introduced rate discounts for participants in its SecureCode payer authentication system in September 2005 and is now formally announcing them as part of a broader initiative. This is good news for retailers, and will help drive adoption of SecureCode. MasterCard is showing that it believes transactions protected by SecureCode - which, like the Verified by Visa system, is part of the MasterCard/Visa 3-D Secure platform - are less risky than those that are not, and so deserve lower rates," said Litan.

"Retailer and consumer adoption of 3-D Secure payer authentication remains slow, even though, in most cases, card issuers absorb chargeback and fraud liability for online transactions protected by the program. Many retailers believe 3-D Secure slows the consumer checkout process excessively, costing them sales. The new incentives will like cause more online retailers and consumers to adopt SecureCode," said Gartner's Litan.

Litan went on to argue that the offer of free network vulnerability scanning to help companies comply with PCI standards is "helpful but inadequate." This program is aimed at small merchants, that typically are not yet participating in the mandatory PCI compliance program, and will help MasterCard's scanning-vendor partners sell these companies their services, she pointed out.

Litan said: "Network scanning is actually the simplest element of PCI compliance, and enormous confusion remains among retailers - at all levels - about how to navigate PCI's complex processes. MasterCard's educational initiatives may help to dispel some of this confusion, but Gartner has not yet seen any comprehensive effort from MasterCard or Visa to clarify what remains a very difficult compliance process."

Online retailers and other companies that accept credit cards are advised by Gartner to adopt the SecureCode program to earn rate reductions and enhance data security.

In broader terms the analyst firm urges both MasterCard and Visa to begin a "serious, comprehensive effort" to make PCI practical and helpful for retailers and other card-accepting companies.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.