Unless you are lucky enough to be spending a two-year sabbatical on a tropical island, you will have noticed that online security, from emails to personal data, is a hot topic. By now, you also know that the essentials of cybersecurity require cooperation between businesses and users, that systems must be kept up to date, and that suspicious links should never be clicked on. Preventing fraud is an important challenge online and offline, whether for merchants, banks, or, most importantly, for the average citizen.
We all know that no system is infallible when we human beings are involved. Nobody likes to be told that it is a job for all of us to keep ourselves safe, but it is a job for all of us to keep ourselves safe.
Loyal DisCo blog readers will have seen our recent pieces (e.g., 1, 2) on fraud prevention. These articles lament new European rules that require a particular technique called “Strong Customer Authentication” be used to fight against fraud in online transactions. These rules are close to being finalized and have been scrutinized by the European Banking Authority and sent back to the European Commission for final approval. In autumn they will be sent to the European Parliament and the Council for approval (are you still following?).
The problem is that none of these organisations has apparently yet noticed the new mantra: “Fraud-prevention-is-everyone’s-responsibility.”
Currently, the draft rules require merchants (think online shops, travel agents, etc.) to always use a bank’s Strong Customer Authentication to approve a transaction, regardless of the merchant’s past relationship with the customer, the merchant’s internal fraud prevention efforts and internal authentication methods. Strong Customer Authentication is only one tool in the fraud prevention toolbox and in itself it is not enough to prevent fraud.