Solution is manifold
The solutions to this problem are many and multifaceted. Of all the possible ways to address the issue, the technological path appeals because it is the most direct and straightforward. Two-factor authentication, for instance, lets users quickly identify themselves using something they know (e.g., a password) and something they own (e.g., a smartphone). Throw in fingerprint scanners and facial-recognition software, and you have an impressive (though not insurmountable) technological barrier for malicious third parties.
The next line of defense is regulatory arrangements. In 2015, the European Union ratified the second incarnation of the Payment Services Directive (PSD2). Being a directive rather than a regulation, this collection of measures had to be implemented by member states. Despite Brexit, it's also coming to the UK, after the Financial Conduct Authority (FCA) set an implementation deadline of 14 March 2022.
The directive mandates the use of Strong Customer Authentication (SCA) measures in order to bring every online transaction into compliance with the most relevant version of the 3D Secure protocol. Fortunately, the more stringent security requirements come with a more flexible approach to conducting online payments: the second iteration of the protocol (3DS V.2) introduces an exemption mechanism for low-risk transactions to improve customer experience and payment approval rates.
The intent of this new raft of rules is to improve cardholder protection while bolstering competition among issuer banks and non-banking financial institutions. The incentive will follow a blueprint set out by the General Data Protection Regulation (GDPR), and its effects could be just as far-reaching.