New EU regulations governing online commerce and payments are scheduled to come into force across Europe from September this year. The new standards will require all online transactions above €30 to get additional authorisation – via a fingerprint scan or a unique code generated by a device, banking app or text message.
But a report on the PYMNTS website suggests that retailers, payment gateways and banks have serious doubts about whether the right systems and processes will be in place by the time the new rules come into force, and also whether Europe’s consumers themselves are ready to comply.
The regulations are, of course, designed to be another barrier in the ongoing fight against fraud. It is also interesting that, just last month, a number of the big banks signed up to a new code of conduct that commits them to refunding any of their customers who fall victim to so-called ‘Authorised Push Payment’ fraud.
Two-factor authentication via an A2P text message is likely to become the most widely used means of adding this extra layer of protection to an online transaction. That’s certainly a development that will be welcomed by operators the world over as ordinary text message revenues continue to decline.
However, the question is – given the known weaknesses in the SS7 signalling network that can allow fraudsters to divert those authentication messages to their own handsets – just how long will the banks be prepared to underwrite the safety net of compensation at their own expense if they believe the system to be fundamentally flawed?
Two likely courses of action can be foreseen. One is to look to pass that compensation cost on to the operator they perceive to have been at fault. The second is to move to an app-based system and take SMS out of the equation. Neither of those options is good for the operators. Both would have an immediate and direct impact on their bottom line.
The looming EU regulations, coupled with the banking community’s commitment to providing compensation, therefore make it imperative that operators join the fight against the fraudsters and act now to secure their signalling systems.
Implementing a signalling firewall to block fraudsters seeking to hijack and divert text messages will not only help to secure the network, it will also enable operators to build trust in SMS for authentication, both among their enterprise customers and among consumers.
What’s more, the research we published earlier this year provided clear evidence that trust in the network and its security was a commodity that operators needed to value, protect and promote.