Text message verification proposal adds friction to online sales

By Chris Dawson October 22, 2017 - 3:08 pm

The UK government’s Home Office is taking another serious look at cyber crime with the aim of stamping it out with text message verification or random CVV solutions being proposed.. Criminals who commit large numbers of relatively small financial crimes are largely ignore as banks simply refund their customers and this is what the government wants to prevent. This type of low value high volume crime could be costing Britain as much as £10 billion per year.

The problem is that online retailers have spent years optimising their checkouts and reducing friction to reduce abandoned cards at checkout. Anything that adds friction to the checkout process can’t be something that online retail as a whole will welcome, especially as currently the banks largely foot the bill for online fraud.

Text message verification

One proposal that the Home Office is seriously considering is to make online shoppers wait for a text message before they complete an online purchase. This two step verification is common place for some services but would be a serious bottleneck for online shopping – if you’ve not got your mobile phone handy or you are one of the millions who live in a location with a poor mobile phone signal then the text message could take hours to arrive.

Of course technology could assist to ease some of the friction a two step verification process would inflict. Mobile in-app purchases are already capable of reading an incoming text message verification and automatically verifying users on mobiles with no intervention needed by the user. That can’t happen on a desktop though and not all purchases are made through apps.

Rotating CVV numbers

A second proposal by the government is for debit and credit card CVV numbers to change on an hourly basis. The idea of this initiative would be to ensure a criminal couldn’t copy your card details and use them for an online transaction at a later date. Effectively CVVs would become random three digit codes meaning an online purchase would be more akin to a card present transaction – if the online buyer didn’t have the card number with them at the time of purchase then the transaction couldn’t be completed.

Home Secretary Amber Rudd told the Commons Select Committee that she is excited by plans and that the proposal could reduce the number of crimes by one million.

Which solution is best?

Personally as a shopper and from the perspective of an online retailer I don’t like either of these solutions. They’re merely shifting the onus of security onto the consumer and waiting for a text message verification before I complete a three pound fifty purchase is just going to be annoying. Equally, for those purchases where a card is used as a funding source for third party payment providers such as PayPal would need a robust solution put in place before a random CVV solution was implemented.

We definitely need better credit and debit card security for online payments. Slowing down the checkout process isn’t necessarily the best solution.

  • 8 months ago

    I agree that keeping the checkout as smooth as possible is important but I think there’s a lot of website checkouts that could make basic improvements before worrying about an expected delay of seconds waiting for a PIN code. Also, if 50% of ecommerce is mobile and growing then the PIN will arrive where its needed. I would suspect 95% of people keep their mobile to hand during waking hours. It may just require getting used to expecting a PIN. That said, there goes one-click to buy!

    Banks bear the burden of fraudulent transactions – is this always true?

    • alan paterson
      8 months ago

      Hi Bernard, where are you getting your information from? “Banks bear the burden”?! Eh? Have you come here from an alternative reality?

    • northumbrian
      8 months ago

      we think bernard is quoting from the original asking a question ? suggesting they dont ?

    • alan paterson
      8 months ago

      ahhhhh, thanks for that. sorry, that makes more sense now. My apologies Bernard if I misunderstood. I did not mean to be rude.

  • northumbrian
    8 months ago

    “currently the banks largely foot the bill for online fraud.”

    the bank may refund but its the retailer that takes the hit

    • JD
      8 months ago

      And whoever takes the hit it will all come back to us in higher prices or charges!

  • Northumbrian
    8 months ago

    Credit card frauds not perculiar to the UK

    So what’s the rest of the worlds answer to card fraud

    • JD
      8 months ago

      Global Credit card and debit card fraud resulted in losses amounting to $21.84 billion during 2015. Card issuers and merchants incurred 72% and 28% of those losses, respectively, with the following transaction breakdown:
      Card issuer losses occur mainly at the point of sale from counterfeit cards while merchant losses occur mainly on card-not- present (CNP) when customers buy online or pick up in a store
      (Source: Nilson Report, October 2016)
      Answer: Change the systems and process. Fraud will then be shifted to some other aspect, eg ID theft …………
      And on we go.

  • Northumbrian
    8 months ago

    Yep finger amputations and eye gouging for prints and retinas will be on the up

Recent Comments

8 hours ago
tyler: @alan paterson, I am sure it does get tiresome for you, but for some of...
11 hours ago
alan paterson: Its getting tiresome reading every new ebay initiative getting trashed by sellers (almost without exception). if...
14 hours ago
Al Hatfield: Really excited about this tournament, I am hearing a lot of good things about this...
19 hours ago
Mark.T: This was my best guess as well. Still not clear whether the trigger is the existence...