As EMV-chip card use spreads at the point of sale in the U.S., online merchants will have to change the way they handle payments online.
Merchants need to understand that consumers will accept new authorization methods as they become more familiar with them, says Al Pascual, senior analyst for Javelin Strategy & Research.
Pascual and analyst Sarah Miller authored a July report on Web and mobile authentication methods. Javelin surveyed more than 15,000 consumers between October 2012 and January 2013 for the report.
The shift to EMV cards in brick-and-mortar stores should beef up security at the point of sale, driving fraudsters to seek softer targets online. Advancements in card-not-present fraud prevention, particularly through mobile devices, should encourage merchants to adopt stronger authentication, Pascual says.
"If the current amount of fraud online isn't enough reason for merchants to already deploy more security, EMV should be enough to prove it," Pascual says.
EMV at the point of sale will serve as "the hammer" for merchants to step up online security, Pascual says. "They will be sorry if they don't do it," he adds.
Staples of online merchant account and transaction authentication such as passwords, static security questions, card verification value (CVV) numbers and address verification systems "are being rendered obsolete by fraud trends," the report states.
Instead, new technologies such as biometrics, out-of-band dynamic passwords, and technologies using non-intrusive back-end data have become viable options for merchants, the report says.
In particular, improvements have been made to 3D Secure technology, as seen in Verified by Visa and MasterCard's SecureCode+, that eliminates the need for consumers to input additional credentials for transactions. The technology integrates back-end authentication, such as transaction history and device identification, the report says.
Issuers and merchants need to leverage mobile devices for authentication, Pascual says.
"With mobile devices you can have geo-location, biometrics, one-time passwords and other technologies," Pascual says.
Consumers always have their phones with them, making the devices the perfect tool for authentication, Pascual says. "The bad guys may eventually find ways to get around it, but right now mobile can provide the best protection," he adds.
However, because mobile malware is beginning to be an issue, and mobile payments represent only a fraction of a percent of all online retail payments, it may take some time before issuers or merchants make heavy investments in mobile authentication, Pascual says.
Consumers should install anti-malware software on all devices they will use for online purchases, the report says.