The National Cybersecurity Center of Excellence (NCCoE) is currently undertaking the mammoth task of reducing the risk of online retail fraud in the US, seeking comment from the public and industry insiders. The NCCoE is exploring the potential of multi-factor authentication used in tandem with web analytics tools and contextual risk calculation to reduce fraudulent behaviour during e-commerce transactions.

Having identified multi-factor authentication as a safeguard against retail fraud, the NCCoE has opened a discussion with key industry players and stakeholders in order to develop a process which will protect online retailers and shoppers without inhibiting the retail process. It is believed that employing the assistance of the entire breadth of the incredibly varied e-commerce industry; the NCCoE can develop an effective strategy.

The NCCoE outlined their plans in their Multifactor Authentication for e-Commerce report:

“In collaboration with stakeholders in the retail and e-commerce ecosystem, the National Cybersecurity Center of Excellence (NCCoE) has identified that implementing multifactor authentication for e-commerce transactions, tied to existing web analytics and contextual risk calculation, can help reduce the risk of false online identification and authentication fraud.

“Consumers and retailers will adopt multifactor authentication mechanisms as long as they do not unnecessarily encumber the purchasing process or if they are applied evenly across the entire sector. Building on this collaboration with the business community and vendors of cybersecurity solutions, the NCCoE will explore methods to effectively identify and authenticate purchasers during e-commerce transactions and develop an example solution composed of open-source and commercially available components.”

Reaffirming the importance of creating a process which accommodates a simple customer journey, the NCCoE understands that retailers will be reluctant to employ any anti-fraud measures which may potentially deter customers from using their online services. The increased security and improved identity management process must not compromise the e-commerce experience, with all online retailers unwilling to jeopardise their stake in the $400bn industry.

The end goal of the project is to produce an NIST (National Institute of Standards and Technology) Cybersecurity Practice Guide for all e-commerce retailers, detailing the steps to securely and accurately identify and authenticate online purchasers. It will then be the decision of stakeholders how to implement the steps and suggestions, aligning them within the structure of the e-commerce site’s existing customer journey and retail portal.

A secondary purpose of the practice guide is to demonstrate the existence of current multi-factor authentication technologies and products which effectively manage identity authentication.

At ProofID, we provide a selection of fully managed identity management solutions for a wide range of different industries and sectors. By identifying next generation technologies, we can provide bespoke fully managed identity management solutions which perfectly complement your online services.