It’s no secret that fraudsters are becoming more aggressive in their tactics with e-commerce shopping channels as EMV has restricted criminals’ ability to carry out fraud at physical point-of-sale (POS) locations. In its 2018 Identity Fraud report, Javelin Strategy & Research found that online shopping presents the greatest fraud risk, with CNP fraud being 81 percent more prevalent than POS fraud.
Since many smartphones and tablets now come with built-in fingerprint sensors and cameras, it’s no surprise that biometrics has emerged as a fraud prevention solution to authenticate consumer devices. Gartner defines biometric authentication as methods that “use biometric characteristics or traits to verify users’ claimed identities when users access endpoint devices, networks, networked applications or Web applications.”
There are, however, some disadvantages associated with biometrics technology. When shopping online, in a mobile app, or on a smartphone, a user could either use facial recognition or their fingerprint to unlock the phone and confirm that transaction. However, if that user is now sitting in front of their laptop at home or placing an order by phone, biometrics typically can’t work, as there is no means to capture and validate the data. While biometrics is beneficial for online shopping via smartphones and tablets, they fall short when users are making purchases via phone or via a computer (since biometrics is not built into those channels). Additionally, biometric authentication involves device centric mechanisms that neither merchants or banks can manage, validate, or deploy. Because merchants can’t enable biometric tools is perhaps why biometrics hasn’t yet resonated as a solution merchants would embrace. According to the 6th Annual Mobile Payments and Fraud 2018 report, survey data showed that biometrics was the least used tool or service to prevent mobile fraud in 2018.
Biometric authentication merely confirms that the right device or channel is being used in a transaction. It’s authenticating the device, but not the customer or the transaction, per se. Consider the following scenario: if a criminal steals your iPhone and your fingerprint is left on the device, there would be nothing to stop the fraudster from using a warm gummy bear to apply to the fingerprint sensor, lift the print and make a cast mold to unlock the device, revealing all of your personally identifiable information. Since biometric data is static, once it is stolen, a person’s entire identity can be exposed. And because it’s static, the compromised biometric data can’t be replaced unlike dynamic CVV authentication.
Financial institutions don’t care to store personal identifiable customer information because it represents a liability. It is therefore unlikely that an institution would want to store any biometric data, let alone develop systems to validate that data in a transaction. Unlike biometrics technology, CVV+, a Tender Armor product, works on all card accounts in the market, across all purchasing channels, and works with all devices the same way. CVV+ anonymously authenticates cardholders by generating a dynamic CVV code that only the consumer can obtain. With CVV+, a cardholder’s phone number and account number are never tied together, making it markedly difficult for fraudsters to carry out their illicit work.
With CVV+, cardholders can choose how often the code rotates, be it a daily code, or just by using the solution as a one-time passcode. Cardholders can securely receive their CVV+ code via a mobile app, text-on-demand, a daily SMS message, email, or through their card issuer’s mobile app or banking site. To complete a transaction, the dynamic CVV+ code is used by the cardholder in place of the static security code printed on back of their credit or debit card.
While biometrics is a promising fraud prevention method, there are inconsistencies, security challenges, and many other considerations associated with the technology. Fortunately, new dynamic code technologies such as Tender Armor’s CVV+ provide a secure and seamless experience for cardholders when transacting across all CNP channels.