Even the boldest predictions place total e-commerce sales well below 15% of total U.S. spending by 2020. Yet e-commerce spending represents substantial future growth and has commanded billions of dollars in investments from credit card companies, merchants, banks, and venture capitalists. This future has gone relatively unsecured. Despite usage spikes for e-commerce and especially mobile commerce, no amount of investment has yet corralled e-commerce fraud. The rise of card-not-present (CNP) transactions has been paralleled by spikes in declined transactions, chargebacks, bot attacks, and fraudulent transactions.

The gauntlet has been thrown down for 2019 and beyond by individual corporate financial service companies, their consortia, and start-ups specializing in new antifraud technologies such as artificial intelligence. The most promising of these technologies is 3-D Secure, version 2.0 (3DS2), an upgrade of current authentication technology from the global card network-led EMVCo that not only improves authentication but also enables tokenization (generating random numbers to disguise base identification data) in a quest to further secure e-commerce.

In trying to solve e-commerce security issues, the industry is getting in its own way in some sense. 3DS2 is a significant upgrade over the original protocol, 3DS, and could reduce the success of e-commerce and m-commerce fraud attacks and the resulting costs. Yet, credit card companies are preparing a more aggressive upgrade called Secure Remote Commerce (SRC). Besides upgrading the security architecture, SRC aims to improve the customer experience by “unifying” the purchase “buy” button. With SRC the purchase page has one “buy” button regardless of the merchant on the other end of the sale or the card network the consumer uses.

Also on the radar are two more security technologies for banks and merchants. First, the World Wide Web Consortium (W3C), an international consortium of e-commerce companies and tech giants, is developing its own payments protocol and accompanying security architecture. Second, Microsoft, IBM, and other members of the W3C consortium are pushing the payments capabilities of digital Identification technologies, which may utilize blockchain technology.

This report, Securing E-Commerce: Competing Technology Crowds the Market, evaluates the current and future state of e-commerce security and finds promise and peril in new technology