Date Published: May 9, 2016
Author(s)
William Newhouse (NIST), Sarah Weeks (MITRE)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has posted a draft Project Description on the topic of Multifactor Authentication for e-Commerce.
As greater security control mechanisms are implemented at the point of sale, retailers in the United States may see a drastic increase in e-commerce fraud, similar to what has been widely observed in the UK and Europe following the rollout of EMV chip-and-PIN technology approximately ten years ago. Consumers, retailers, payment processors, banks, and card issuers are all impacted by the security risks of e-commerce transactions. Retailers bear the cost of fraudulent card-not-present (CNP) transactions, motivating them to reduce fraud in order to avoid damage to their reputation and eliminate potential revenue losses, which have been estimated to be over $3 billion. Part of e-commerce fraud reduction includes an increased level of assurance in purchaser or user identity.
This project and its example solution will help reduce the risk of false online identification and authentication fraud for e-commerce transactions with multifactor authentication tied to existing web analytics and contextual risk calculation.
As greater security control mechanisms are implemented at the point of sale, retailers in the United States may see a drastic increase in e-commerce fraud, similar to what has been widely observed in the UK and Europe following the rollout of EMV chip-and-PIN technology approximately ten years ago. Consumers, retailers, payment processors, banks, and card issuers are all impacted by the security risks of e-commerce transactions. Retailers bear the cost of fraudulent card-not-present transactions, motivating them to reduce fraud in order to avoid damage to reputation and eliminate potential revenue losses, which have been estimated to be over $3 billion. Part of e-commerce fraud reduction includes an increased level of assurance in purchaser or user identity. In collaboration with stakeholders in the retail and e-commerce ecosystem, the National Cybersecurity Center of Excellence (NCCoE) has identified that implementing multifactor authentication for e-commerce transactions, tied to existing web analytics and contextual risk calculation, can help reduce the risk of false online identification and authentication fraud. Consumers and retailers will adopt multifactor authentication mechanisms as long as they do not unnecessarily encumber the purchasing process or if they are applied evenly across the entire sector. Building on this collaboration with the business community and vendors of cybersecurity solutions, the NCCoE will explore methods to effectively identify and authenticate purchasers during e-commerce transactions and develop an example solution composed of open-source and commercially available components. This project will produce a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to implement practices that effectively identify and authenticate purchasers during e-commerce transactions.
Keywords
retail; multifactor; authentication; MFA; e-commerce; fraud; card-not-present; CNP; web analytics; risk calculation
Control Families
Access Control; Identification and Authentication