Visa Inc. is launching a new data security service for issuers to use for online transactions.
Visa is using the Cyber Monday online shopping event, where many consumers are typing their card details at merchants' sites to get short-lived discounts, as context to illustrate why extra fraud defenses might be necessary for certain transactions.
The Visa Consumer Authentication Service, announced Nov. 26, is available as cloud-based fraud monitoring to warn issuers of potential high-risk transactions, says Mark Nelsen, Visa's head of risk and authentication product development. It allows safe transactions, which represent the vast majority of e-commerce, to go through without unnecessary delays, he says.
The new service, available in all Visa Inc. markets, is designed to operate with an issuer's Three Domain Secure (3-D Secure) program such as Verified by Visa, Nelsen says.
The Verified by Visa system is an optional service that prompts consumers for a password during every online transaction, regardless of the level of risk that transaction represents. Visa's new authentication service is meant to eliminate the need for a password from those shoppers executing low-risk transactions, but prompting additional information from shoppers making transactions deemed as potentially risky.
"We want to emphasize to our issuers that we should be moving toward this sort of process that minimizes friction during an online transaction," Nelsen says. "Visa wants to incorporate as much new data as it can to help the issuer and merchant communicate while enhancing the consumer's transaction experience."
Visa's new service authenticates the consumer prior to the authorization process. Visa tested the service with some issuers during the past two months.
"We are able to incorporate new information available through the risk model that Visa built as well as third-party information about the device the consumer is using, as well as other analytics," Nelsen says.
The new service provides an assessment of a transaction based on data collected about a shopper's device, the current transaction and historical spending patterns.
If the service alerts the issuer that there is a high risk, the issuer can request additional information from the shopper through a one-time password and other verification methods, Nelsen adds. The one-time password can be sent to an e-mail address or cell phone the bank has on file already.
"The goal of the new service is to reduce consumer friction and abandonment of the online transaction process by not having to prompt the 95% that are low-risk transactions," Nelsen says. "The new service was developed as a risk-based process, with only the high-risk transactions seeking further verification."
Visa provides the Consumer Authentication Service on a fee scale to its issuers, who can register for the service at any time. The registration process could take up to two weeks, depending on how the issuer wants to use the service and how many risk-assessment rules it needs to establish, but the actual implementation is a simple process with no software downloads involved, Nelsen says.
The service operates even if the consumer chooses to initiate an online transaction through a device other than a personal computer, such as a mobile phone or tablet.