To counter the rising rate of e-commerce fraud, U.K.-based myPINpad plans to provide a virtual PIN pad for mobile-generated online transactions through the VocaLink network for the next five years.
The agreement also helps banks and payment providers comply with the revised Payment Services Directive from the European Commission, which in part seeks more attention from banks and card issuers on cardholder authentication.
"One of the biggest opportunities we see in authorizing through the actual cardholder PIN is in the e-commerce space, where transaction volume is moving toward mobile," said David Poole, business development director for myPINpad.
Through the myPINpad technology, a consumer about to make a payment for an e-commerce transaction through a mobile device would receive a notification on their smartphone to confirm the transaction and authorize with a PIN.
MyPINpad provides a virtual, one-time PIN pad on the smartphone screen to complete the transaction.
"We are not suggesting this would be done with every transaction, but over the limit of £30 (U.S. $45), the merchant benefits through the PIN authentication in the mobile sphere," Poole said. "Everyone is motivated to stop the high levels of e-commerce fraud."
Indeed, the attention to mobile card-not-present security has picked up in Europe this year.
Card-not-present fraud levels have reached an estimated £217.4 million (U.S. $328.9 million) for e-commerce card payments in 2014. This figure represents 45% of all card fraud and 66% of total remote purchase fraud, according to the 2015 fraud report from Financial Fraud ActionUK, a financial services and payment industry organization seeking collaborative efforts to fight fraud.
E-commerce fraud has reached its highest point in 10 years, partly because the e-commerce channel has grown so much over that time period, the organization said.
Often, merchants may not use 3D Secure systems such as Verified by Visa for e-commerce transactions through a mobile device, making it an area in which myPINpad feels it can offer a needed security service, Poole added.
"We are providing an online PIN solution with no investment from merchants," Poole said. "They can get an online PIN verification through this digital service, as opposed to an offline PIN that is needed to verify the PIN to a physical card."
The European card issuers use a PIN for in-store EMV card payments because the payment rails used on the continent were offline, or not hooked into an online network, when the EMV standard rolled out.
But there are other use cases in which myPINpad sees opportunity. "Apple Pay suffered from fraudulent cards being registered with Apple through the banks, and that's an area where we can help," Poole said.
MyPINpad would request a PIN when a cardholder loads a card into a mobile wallet, adding a layer of verification that a fraudster with a stolen card might not have available.
VocaLink provides the BACS for electronic payments, Faster Payments Service for real-time payments and the Link ATM service in the U.K. It also operates Zapp mobile payments business in the U.K.
But myPINpad would work with other networks and payment rails, such as Visa or MasterCard, Poole said.
"In the U.S., we can have partnerships with an issuer, or those with banking or mobile payment apps," Poole added. "The point of integration is not fixed for us, anyone can use it."
In the U.S., Acculynk has long provided a similar PIN pad service, but its concentration was on desktop e-commerce transactions.
MyPINpad will further develop its technology, which VocaLink has already tested, while monitoring interest amongst acquirers and issuers prior to a product rollout in the first quarter of 2016.