A Call to Action on cybercrime!

Unfortunately, the multifactor-multilayer-outofband troika for ensuring security increases friction so much so that shopping cart abandonments and false positives arguably impact online merchants as adversely as fraud does. This might explain their C'est La Vie attitude to such reports. Besides, Amazon, and most other ecommerce giants in the US don't even use VbV and other singlelayer-inband measures and I'm yet to come across a single report that suggests that they suffer greater fraud loss as a percentage of their revenues as compared to merchants in many other countries who do. 

Thanks for your comment Ketharaman. I agree with you in that using traditional methods to try and achieve multi-factor authentication would increase friction and cause more inconvenience than is necessary. However, technology exists to enable some of the layers to be invisible and the customer may not even be aware that strong authentication has occurred in a totally privacy-sensitive manner.

For example, as mentioned in my latest blog, Proximity Correlation Logic is a technology based on the fact that your phone is likely to be near you when you’re making a transaction. It can detect whether your phone is in the area of the origination point of a transaction, without compromising on your privacy as it is not using a Location Based Service.

Incorporating visible and invisible layers of authentication makes the process sufficiently strong and at the same time, user-friendly.

@Pat C:

Thank you for your clarifications. I agree with you that technology can make certain layers invisible, reducing some of the friction as a result. I happen to read an article in Inc. earlier today, according to which the #1 consequence of identity theft in five out of the last five years is account hijacking. I don't know how effective any amount of transaction level security can be against such a threat vector. So, my point re. fraud loss as a percentage of revenue still remains. 

Ketharaman as you have correctly highlighted, determined criminals will always find ways to out-smart technology for their own gains. We have to work on the premise that we can’t stop them from stealing individuals’ information, but what we can do is stop them from being able to use it when it comes to electronic financial transactions. The real-time technology that I have previously described can prevent the crime occurring - ipso facto fraud loss as a percentage of crime will decrease. Furthermore, this technology will be able to eliminate the false positives, which is where the real costs are incurred.

@Pat C:

Thanks again for the clarification. If someone hijacks my account, I thought they effectively have access to all my credentials that really matter. So, unless I'm missing something here, shouldn't transactions initiated by them appear genuine to everyone (except me)? In other words, how can technology stop them from using their ill-begotten access rights?

All through the past 8-10 years, vendors have claimed that their security technologies would inevitably cut down fraud losses as a percentage of revenues. However, I feel that the utter lack of empirical evidence to prove their claims has made a lot of online merchants quite skeptical about any future claims. On the other hand, the potential loss of revenue they suffer every day from shopping cart abandonment and false positives is very real.