U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description (Initial Public Draft)

Multifactor Authentication for e-Commerce: Online Authentication for the Retail Sector

Date Published: May 9, 2016
Comments Due: June 3, 2016 (public comment period is CLOSED)
Email Questions to: consumer-nccoe@nist.gov

Author(s)

William Newhouse (NIST), Sarah Weeks (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Multifactor Authentication for e-Commerce.

As greater security control mechanisms are implemented at the point of sale, retailers in the United States may see a drastic increase in e-commerce fraud, similar to what has been widely observed in the UK and Europe following the rollout of EMV chip-and-PIN technology approximately ten years ago. Consumers, retailers, payment processors, banks, and card issuers are all impacted by the security risks of e-commerce transactions. Retailers bear the cost for fraudulent, card-not-present (CNP) transactions, motivating them to reduce fraud in order to avoid damage to their reputation and eliminate potential revenue losses, which have been estimated to be over $3 billion. Part of e-commerce fraud reduction includes an increased level of assurance in purchaser or user identity.

This project and its example solution will help reduce the risk of false online identification and authentication fraud for e-commerce transaction with multifactor authentication tied to existing web analytics and contextual risk calculation.

Abstract

Keywords

retail; multifactor; authentication; MFA; retail; e-commerce; fraud; card-not-present; CNP; web analytics; retail; risk calculation
Control Families

Access Control; Identification and Authentication

Documentation

Publication:
Draft Project Description (pdf)

Supplemental Material:
Submit Comments
Project Homepage

Document History:
05/09/16: Project Description (Draft)
09/20/16: Project Description (Final)

Topics

Security and Privacy

authentication