The European Central Bank (ECB) has launched a public consultation on its recommendations for security measures on internet payments as part of the fight against online fraud.
Payment service providers (PSPs) and card payment schemes are expected to implement the recommendations by July 2014. The recommendations set out minimum standards of best practice covering the control of the payment platform’s security environment, specific control and security measures for internet payment, and customer education and communication.
The “harmonised, minimum” security measures will “contribute to fighting payment fraud and enhancing consumer trust in such services”, the ECB said.
National authorities that supervise card payment schemes, such as the Bank of England and the Financial Services Authority (FSA), and other stakeholders, such as e-merchants, are also encouraged to adopt the best practices.
Among its recommendations, the ECB highlights the need to assess risks associated with providing internet payment services. PSPs should also ensure there are strong customer authentication processes in place, alongside systems to identify abnormal customer payment patterns.
In addition, PSPs should engage with customers and raise their awareness of security issues to help prevent fraud, the ECB said.
The proposals form part of the work undertaken by the European Forum on the Security of Retail Payments, established in 2011 at the suggestion of the Payment and Settlement Systems Committee of the ECB. The Forum is a voluntary initiative between European authorities that supervise PSPs.
A report into fraud in the European Card Payment market by Payments Cards and Mobile Research found that the UK suffered £440.3m in losses due to card fraud in 2010 – almost 10 per cent of the total value of purchases made in the card payment market. It observed that historically the UK was the country in Europe most exposed to payment card fraud, partly due to a rapid growth in online card use.
A separate study by e-fraud management consultants Ethoca in 2011 found that e-commerce merchants can detect and prevent more online credit card fraud by sharing data in real time.
The survey of 95 leading credit card issuers and online merchants revealed that in one in ten of all cases studied, a single card was used to commit fraud against more than one more merchant, while in 86% of cases the fraudster stopped using the cards within 24 hours.