Fintech
Online shoppers get more card security for holidays
Mastercard has enhanced its Identity Check programme to add an extra layer of verification at the checkout stage.
Mastercard has announced enhancements to its Identity Check programme that will give South African cardholders an extra layer of protection at checkout. The phased security enhancements come just in time for Black Friday and the summer holiday shopping season. As such, it will be welcomed by merchants, banks and consumers alike as fraud levels continue to rise.
According to SABRIC, in 2022 card not present (CNP) fraud – the common term for online credit card payments – amounted to 76.9% of fraud losses on South African issued credit cards.
In an effort to stem online payment fraud, Mastercard has enhanced its Identity Check programme, an advanced security feature that employs the 3-D Secure 2.0 protocol, to add an extra layer of verification at the checkout stage. This update will improve how cardholders verify their identities when making online transactions.
“E-commerce is showing good growth in South Africa, but many consumers remain wary of using their cards online, or become annoyed by high-friction checkout experiences, slowing the growth potential of online commerce,” says Andries Maritz, principal product manager at Entersekt.
“The latest Mastercard initiative focuses on performance enhancements by integrating cutting-edge technologies like AI for risk-based authentication, as well as biometrics. Working with authentication specialists, the aim is to help issuers create a more seamless and secure experience for cardholders.”
Added security with biometrics
The update (AN8808) is aimed at European countries as well as over 70 nations across the Middle East and Africa.
It will prioritise the use of biometric verification, including facial recognition and fingerprint scanning, over traditional password methods. However, it has been designed to keep user friction as low as possible.
The update will continue to support frictionless authentication for low-risk transactions. This means that in most cases, cardholders won’t need to go through any extra verification steps, with authentication happening in the background without any additional prompts.
However, on transactions that appear high-risk or suspicious, where cardholders are usually prompted for additional verification (using strong customer authentication methods), Mastercard will now require issuers to offer a physical biometric option for authentication to cardholders with biometric-enabled devices.
By opting for biometric authentication, the new requirements reduce the hassle that comes with entering passwords or using multi-factor authentication, which often requires additional steps like receiving codes via text or email.
“We know that the previous step-up authentication methods can slow down the checkout process and frustrate cardholders, often leading to cart abandonment and lost sales,” says Maritz. “By turning to biometrics, online shoppers can quickly and easily authenticate their identity by using their face or fingerprint which is securely stored on their devices, minimising the chance of it being hacked or misused. This isn’t just faster, but it eliminates the risks created by weak or stolen passwords.”
Mastercard has stated that, when biometric authentication is used, issuers have reported a 32% decrease in fraud compared to other methods like SMS one-time PINs (OTPs).
Early adopters will benefit
The new update comes with a timeline for compliance from Mastercard:
- By 21 November 2024, the update will require Identity Check issuers to respond frictionlessly to a minimum of 30% of payment authentication requests that Mastercard defines as low risk.
- By 16 March 2025, they are required to step this up to a minimum of 60%.
- By 1 December 2025, issuers in EMEA regions must offer customers full biometric authentication for Mastercard Identity Check transactions performed with biometric-enabled devices.
“While the deadlines allow a phased approach, the benefits of implementing the updates as soon as possible are compelling,” says Maritz. “Issuers would do well to support merchants’ efforts to maximise retail holiday opportunities like Black Friday and the festive season.
“The business case for the update is compelling enough to lean into early adoption. Under the new mandate, organisations will see reduced checkout issues, improved authentication success rates, and increased approval rates.
“Big security gains can also be had through the enhanced step-up challenge experience when using qualifying biometric authentication, not to mention operational cost savings from reduced step-up challenges through SMS OTPs.”
Industry collaboration is key
Entersekt has been working closely with Mastercard, says Maritz. In addition to helping organisations comply with the requirements of Identity Check, Entersekt has also partnered with Mastercard to use its Scam Protect to help financial institutions fight scams.
Using Mastercard’s behavioural biometrics, Entersekt enables banks to step up authentication for higher-risk transactions, verifying a sender’s biometrics to authenticate the transaction. This extra step can protect senders before the funds leave their account.