The new directive is designed to combat the alarming rise in online fraud that has developed out of identity theft and phishing, while also improving customer confidence in Internet banking tools.
Card-not-present fraud, of which online fraud is a major constituent, increased by 24% in the UK last year to GBP150.8 million, making it the biggest category of fraud, while direct fraud losses from online phishing scams reached GBP12 million in 2004, according to Finextra quoting stats from UK payment association Apacs.
The proposed new standard is to use a system that has been developed by leading payment companies MasterCard and Visa and requires two separate pieces of information to verify the user’s identity.
The system would include a device that reads a payment card and accepts a PIN entry from the cardholder. This is then followed by the generation by the device of a unique security number to be imputed into the website system of the goods’ seller.
Banks are expected to agree on the new technology in May, with roll out to be undertaken over the next 12 months.
