The ECB published its second report on card fraud (24-page / 674KB PDF) and said that figures collected from 25 card payment schemes around the world revealed that CNP fraud made up 56% of all fraud recorded in 2011. Almost three quarters (73%) of CNP payments are made over the internet, but the use of the '3-D Secure' security protocol has helped to reduce CNP fraud in the UK by a third since 2007, it said.
3-D Secure is a system developed by Visa that requires consumers to input additional details about their card accounts before payments they wish to make are verified by their banks.
"Fraud acquired in card-not-present (CNP) transactions accounted for 56% of all fraud transactions and has been a main driver of fraud rates in previous years," the ECB's report said. "Consequently, several initiatives have been launched to tackle CNP fraud. Notably, according to the UK Cards Association, CNP fraud in the United Kingdom has been reduced by one-third since 2007 thanks to increasing use of fraud screening tools by retailers and payment service providers, as well as the use of 3D Secure."
The ECB laid out new security standards for internet payments earlier this year. Payment service providers (PSPs) and "governance authorities" (GAs) have until 1 February 2015 to implement them, although online retailers, referred to as 'e-merchants', are also "encouraged to adopt" the recommendations too.
Among its recommendations, the ECB said that PSPs should adopt a "defence in depth" approach so that attacks to internet payment systems security can be defeated even if those attacks breach some of the "security solutions" that have been installed. It also said PSPs should trace all online transactions, provide consumers with information about the security risks involved with internet transactions and ensure that individuals' identity can be verified.
Limits should be placed on the number of times individuals can attempt to log-in to make payments, and consumers should be unable to make internet payments without there being "strong" authentication processes in place, the ECB said at the time. Consumers should be able to utilise "authentication tools and/or software" to initially provide their authentication details "in a secure manner", it added.
In its latest report, the ECB reported an overall reduction in the amount of card fraud recorded in 2011 compared to 2007. It said that the growth of fraud from ATMs had slowed and that fraud carried out at point-of-sale terminals had fallen by 24%. The "widespread adoption" of EMV, a chip-based security standard, also helped to improve security of card payments, it said.
In a separate development, the European Commission is set to unveil draft new laws affecting payment card transactions next week. The Commission will seek to revise the existing Payment Services Directive and a new Regulation on interchange fees, which are set by card providers and apply to the processing of credit and debit card payments.
According to a report by the Financial Times, the Commission's plans will include a proposed cap on the maximum interchange fees that can be levied for both credit and debit card payments. The 0.2% cap on the charges would help cut the total fees merchants have to pay when accepting card payments, the Commission said, according to the report.