News, Education and Events Decoding Digital Payments & Fraud

News, Education and Events Decoding Digital Payments & Fraud

Visa Shows Commitment to Online Authentication, Acquires CardinalCommerce

Visa Shows Commitment to Online Authentication, Acquires CardinalCommerce

Visa on Friday signaled to an industry struggling with increases in card-not-present fraud the emphasis it is placing on online authentication when it acquired technology provider CardinalCommerce. Visa will retain the CardinalCommerce brand and Cardinal will operate as a wholly-owned subsidiary of the San Francisco-based card network. Financial details of the agreement were not disclosed. Cleveland-based Cardinal’s solution leverages a risk-based version of 3D Secure technology. 3DS is a security layer in which issuers authenticate online shoppers before they are authorized to complete an online transaction. Since the card issuer authenticates the user, liability for fraud rests with the bank rather than the merchant. In earlier iterations, the technology asked users to authenticate themselves with a password for every transaction. As a result, merchant adoption was low, despite the liability shift. Cardinal, however, has championed a version that does not prompt for a password until various other indicators have determined that the chances a user is not the cardholder are elevated, making the process less intrusive to legitimate consumers. As expected, the ongoing implementation of EMV in the U.S. has resulted in a spike in card-not-present fraud. Visa’s move to acquire an authentication provider is a reaction to the important role authentication plays in that environment, according to Mike Keresman, CEO of CardinalCommerce. That Cardinal’s solution leverages 3DS makes even more sense for Visa given its position sitting between banks and merchants. “The merchant side of authentication uses fraud screening and the banks use risk mitigation,” Keresman told CardNotPresent.com. “That is distinct data, a lot of which is mutually exclusive. You can bridge that information gap by combining what the merchant understands about their consumers and what the bank knows about its customers. That data-driven authentication will cause a significant increase in authorizations.” Keresman noted that as mobile and the Internet of Things continue to evolve, resulting in 30 to 50 billion connected devices in the next few years by some estimates, frictionless authentication becomes even more important. From Visa’s perspective, the acquisition of Cardinal not only signals a commitment to authentication but also could be a boost for 3DS in an environment where a decade ago merchants “wouldn’t even pick up the phone,” according to Keresman. “Visa’s acquisition of Cardinal is a strong indicator that the card brands want to bring stronger cardholder authentication closer to the network,” Chris Uriarte, global payments and strategy consultant for Glenbrook Partners, told CardNotPresent.com. “Cardinal has been at the forefront of 3D Secure and authentication for many years, and has played an integral part in the development of the forthcoming new version of the protocol. With Cardinal in Visa’s arsenal, Visa stands to potentially benefit from these changes in the industry, regardless of whether the transaction is processed on their network or someone else’s. Perhaps one of the more interesting questions will be whether U.S. merchants will ultimately see benefit from this acquisition and whether 3DS adoption in the U.S. will eventually become mainstream.  I think the verdict is still very much still out on that.” The companies expect the deal to close by the end of Visa’s second quarter in March 2017.