Credit Card Fraud: Phishing Boosts Card-Not-Present Fraud

The rapid growth of the internet and the World Wide Web in recent years has created an interesting phenomenon in e-commerce. It offers buyers the convenience of buying from a ubiquitous marketplace and saves merchants the cost of bricks-and-mortar investments, but for fraudsters it has established an anonymous, low-risk avenue for theft and other crime.

Information security has become a critical requirement in e-commerce as perceptions of risk and threat continue to strengthen. The requirement is not only to protect the confidentiality and integrity of sensitive information. Authenticating and verifying the identity of the cardholder during an internet card payment is also a crucial necessity, and a major problem, because card issuers' authentication requirements for authorising card-not-present transactions are insufficient and flawed. On the positive side (from the customer's viewpoint) the card issuers are generally good about responding to challenges and giving refunds, but it would be better for all concerned if the number of fraudulent card-not-present transactions could be reduced (Walton R. 2005, p. 4).

E-commerce transactions use the internet as their cornerstone and operational strength, but there is a perception that using a card to pay over the internet is risky and afflicted by information security weaknesses, which mostly lead to loss of credibility, identity theft and impersonation. The basic requirement for a successful card payment over the internet is the submission of card and personal information, mainly static pass-codes and IDs, to the payment processor for authentication and authorisation. If the card information submitted is correct, authentication succeeds regardless of whether it was provided by the legitimate cardholder.

The introduction of Chip and PIN in the United Kingdom to secure card payments at the point of sale has been a major investment and success story for retailers and the card industry, but its security does not extend to payments made when the card is not present at the point of sale. This has concentrated more fraud on that gap (Hunter, 2004, p. 4), with fraudsters using the anonymity and flexibility of the situation to make fraudulent card payments on the internet with stolen card information.

Verifying that the card information submitted over the internet comes from the legitimate cardholder remains the authentication goal, and a huge problem, for all merchants accepting card payments online. Transactions in this scenario rely on the card information alone, whereas a face-to-face card payment combines the physical card (what you have) with the PIN (what you know) to authenticate the transaction.

Crime can never be defeated, only managed, and this can mean merely the diversion of crime techniques from one channel to another for a variety of reasons including flexibility, benefit, and risk level (Hunter, 2006, p. 14).

Card-not-present fraud has evolved with e-commerce. The flexible, ubiquitous nature of e-commerce, which allows buyers to buy remotely from anywhere, has brought negligence into the picture. This is aided by the development and introduction of simpler technology systems, which in some cases are used contrary to their purpose to facilitate card-not-present fraud that was impossible or difficult to achieve in the early years of e-commerce, making card-not-present fraud the foremost type of fraud on UK-issued cards. As technology advances, almost every technology developed brings benefits as well as attached risks; for every technology there is an anti-technology, making it a double-edged tool that both solves problems and creates them.

According to academic research, card-not-present fraud has been influenced by the static nature of the payment method, which is vulnerable to phishing and other types of identity theft techniques because the same data is used over and over again.
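The point above, that static card data authenticates whoever submits it, shown as an added example that is not part of the original post. The card values are constructed test data, and `OneTimeCodeIssuer` is a hypothetical per-transaction code scheme included only for contrast; the post does not describe it.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (a well-known test card number, not a real account).
ISSUER_RECORD = {"pan": "4111111111111111", "expiry": "12/27",
                 "cvv": "123", "password": "static-passcode"}

def authorise_static(submitted: dict) -> bool:
    """Card-not-present check as described above: match static values only."""
    return all(hmac.compare_digest(str(submitted.get(k, "")), v)
               for k, v in ISSUER_RECORD.items())

class OneTimeCodeIssuer:
    """Hypothetical contrast: a code bound to one transaction, usable once."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)   # shared with the cardholder's device
        self._used = set()                    # transaction ids already authorised

    def code_for(self, txn_id: str, amount_pence: int, merchant: str) -> str:
        msg = f"{txn_id}|{amount_pence}|{merchant}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def authorise(self, txn_id, amount_pence, merchant, code) -> bool:
        if txn_id in self._used:              # reject reuse of a spent code
            return False
        ok = hmac.compare_digest(code, self.code_for(txn_id, amount_pence, merchant))
        if ok:
            self._used.add(txn_id)
        return ok

def demo():
    cardholder = dict(ISSUER_RECORD)          # typed by the legitimate cardholder
    third_party = dict(ISSUER_RECORD)         # identical values held by someone else
    static = (authorise_static(cardholder), authorise_static(third_party))

    issuer = OneTimeCodeIssuer()
    code = issuer.code_for("txn-001", 2500, "shop-a")
    dynamic = (
        issuer.authorise("txn-001", 2500, "shop-a", code),  # first use
        issuer.authorise("txn-001", 2500, "shop-a", code),  # same code again
        issuer.authorise("txn-002", 9900, "shop-b", code),  # different transaction
    )
    return static, dynamic

if __name__ == "__main__":
    print(demo())
```

The static check cannot tell the two submitters apart, while the transaction-bound code is refused on reuse and on any other transaction.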

Some Vulnerabilities in Card-Not-Present Solutions

  • The Verified by Visa and MasterCard SecureCode programs promise additional levels of authentication using agreed personal codes or passwords provided by the card issuer. However, as with all static usernames and passwords, these could potentially be compromised by fraudsters using phishing or other identity theft techniques. Furthermore, the 3D Secure protocol requires an optional enrolment from the participants, if neither the card processor nor the cardholder is enrolled
Uncategorized — admin @ 11:21 pm, June 30, 2010