Following the recently published research brief (PDF) on remote authentication fraud, the Federal Reserve has now published the second brief in the series: Fraud Types and Authentication for Remote Payment Use Cases (PDF). This brief takes a closer look into several remote payment use cases and authentication methods that can help prevent the most common types of remote authentication fraud.
Remote authentication fraud occurs when someone who is not the legitimate owner of an identity or financial account either creates a new account or takes over an existing digital account for the sole purpose of committing an illegal activity using stolen payment credentials or unauthorized payment information. To prevent these types of fraud attacks, authentication of both the customer and payment method should occur at each step in the remote payment process: account creation, enrollment and transaction.
Unfortunately, fraudsters continue to exploit vulnerabilities through data breaches, “phishing” attacks and malware infusion with a resulting impact in new account and/or account takeover fraud. This second research brief on remote authentication fraud (PDF) discusses the specifics of these vulnerabilities and some of the authentication tools the industry applies to help prevent fraud depending on the use case, such as effective Know Your Customer (KYC) compliance for new accounts, risk-based authentication (RBA) tools, payment tokenization and two-factor or multi-factor authentication.
To learn more, explore the full research brief series. Watch for the third and final brief on additional payments industry approaches and tools to mitigate remote authentication fraud, build awareness, and engage industry stakeholders.