The National Cybersecurity Center of Excellence (NCCoE) is currently undertaking the mammoth task of reducing the risk of online retail fraud in the US, seeking comment from the public and industry insiders. The NCCoE is exploring the potential of multi-factor authentication used in tandem with web analytics tools and contextual risk calculation to reduce fraudulent behavior during e-commerce transactions.
Having identified multi-factor authentication as a safeguard against retail fraud, the NCCoE has opened a discussion with key industry players and stakeholders in order to develop a process which will protect online retailers and shoppers without inhibiting the retail process. It is believed that employing the assistance of the entire breadth of the incredibly varied e-commerce industry; the NCCoE can develop an effective strategy.
The NCCoE outlined their plans in their Multi-factor Authentication for e-Commerce report:
Reaffirming the importance of creating a process which accommodates a simple customer journey, the NCCoE understands that retailers will be reluctant to employ any anti-fraud measures which may potentially deter customers from using their online services. The increased security and improved identity management process must not compromise the e-commerce experience, with all online retailers unwilling to jeopardise their stake in the $400bn industry.
The end goal of the project is to produce an NIST (National Institute of Standards and Technology) Cybersecurity Practice Guide for all e-commerce retailers, detailing the steps to securely and accurately identify and authenticate online purchasers. It will then be the decision of stakeholders how to implement the steps and suggestions, aligning them within the structure of the e-commerce site’s existing customer journey and retail portal.
A secondary purpose of the practice guide is to demonstrate the existence of current multi-factor authentication technologies and products which effectively manage identity authentication.