Mercator Advisory Group Evaluates Current and Future State of E-commerce Security

The growth of e-commerce has commanded billions of dollars in investments from credit card companies, merchants, banks, and venture capitalists. This future however, has gone relatively unsecured.

Despite usage spikes for e-commerce and especially mobile commerce, no amount of investment has yet corralled e-commerce fraud. The rise of card-not-present transactions has been paralleled by spikes in declined transactions, chargebacks, bot attacks, and fraudulent transactions.

A new research report from Mercator Advisory Group titled Securing E-Commerce: Competing Technology Crowds the Market details the nature of the current state of e-commerce fraud, the options for securing it in the short and long term, and some scenarios for e-commerce security. The report makes the case that the EMVCo consortium and other potential technology entrants need to plan for a more sensibly sustained roll-out of technologies that consider merchants and banks more formidably in the process of fighting e-commerce fraud.

As stated by Tim Sloane, Director of Emerging Technologies Advisory Service at Mercator Advisory Group, the e-commerce industry tries to solve security issues, but in many senses it is getting in its own way.

EMVco, which has made strides in card-present fraud, is preparing new technologies for e-commerce. The most promising of these is 3-D Secure, version 2.0 (3DS2), an upgrade of current authentication technology, which is a significant upgrade over the original protocol 3-D Secure (3DS) from the global card network consortium EMVCo that could impact e-commerce and m-commerce fraud frequency and the negative costs associated with it.

Yet, credit card companies are preparing a more aggressive upgrade called Secure Remote Commerce on its heels. Banks and merchants will have a stake in securing e-commerce, but may be confused by rapid-fire roll-outs from EMVco.

Highlights of the research report include:

Assessment of current technology

For physical retail, securing payments has been a case study in corporate cooperation and developing technology. Unfortunately, the same cannot be said about e-commerce.

For card-present transactions, the EMVCo consortium of six companies (American Express, Discover, JCB, Mastercard, UnionPay, and Visa) has shared technology and expertise to solve a crisis that threatens its future growth: payment fraud. In just over five years, EMVCo has produced dramatic results toward securing card-present payments with its chip and PIN technology.

Since launching in October 2015, merchants that have installed the EMV card readers at the point of sale have seen a 75% drop in fraudulent charges, compared to a 46% drop for all U.S. merchants. U.S. market share leader Visa says that 97% of all U.S. payment volume ran through EMV cards during the month of June 2018.

EMVCo’s efforts toward securing e-commerce

3-D Secure, the e-commerce security solution introduced by EMVCo is not working. The consortium is preparing an update and overhaul of this technology under tremendous pressure from credit card companies, banks, merchants, acquirers, and processors.

For traditional banks and emerging financial technology companies, the stakes are high.

A review of security solutions

A review of the background that has made tokenization the leading candidate to make a significant impact in e-commerce fraud and a look at the two new technologies that could change the game: W3C and digital identity.

This research report has 30 pages and 10 exhibits.

Companies and other organizations mentioned in this report include: ACI, Adyen, Alibaba, Amazon, American Express, Apple, AsiaPay, BarclayCard, Best Innovation Group, Cardinal Commerce, Cisco, CULedger, Decentralised Identity Foundation, Discover, eBay, EMVCo, Evernym, Facebook, Federal Reserve Bank of Minneapolis, First Data Corporation, Fiserv, Google, Government of British Columbia, Government of Ontario, InAuth, IBM, International Airlines Group, JCB, Linux Foundation, Lloyds Bank, Kount, Mastercard, Microsoft, Mozilla Foundation, National Institute of Standards and Technology (NIST), Novartis, NuData, PayPal, Protegrity, Royal Credit Union, SITA, Sovrin Foundation, Square, Stripe, TokenEx, Tencent, ThreatMetrix, TSYS, UnionPay, Veridium, Visa, Worldpay, and The World Wide Web Consortium (W3C).

Members of Mercator Advisory Group’s Emerging Technologies Advisory Service and Global Payments Service have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access, and other membership benefits.

About Mercator Advisory Group

Mercator Advisory Group is the leading independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world’s largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors. Mercator Advisory Group is also the publisher of the online payments and banking news and information portal

Image: Pexels

Share this article:

About B2B Global Team

B2B Global Team is a collective of journalists and researchers covering the issues of B2B management, leadership and innovations in different sectors of economy.

View all posts by B2B Global Team →