Device identity and authentication solutions provider Entersekt is working with South Africa’s Capitec Bank to improve the security of eCommerce payments, according to a Tuesday (May 10) press release emailed to PYMNTS.
Entersekt’s solution uses behavioral analytics provided by NuData Security to deliver risk-based authentication technology, the release stated. The two companies have worked together since 2020.
“eCommerce or ‘card-not-present’ fraud remains unacceptably high in South Africa, accounting for 80% of credit card and 53% of debit card fraud last year, according to SABRIC,” said Entersekt CEO Schalk Nolte in the release. “Entersekt’s EMV 3-D Secure solution combines our strong authentication technology with the latest in behavioral technology to address exactly this security issue.”
See also: Collaboration, Education and Payments Orchestration Key in the Battle Against Fraud
The solution lets Capitec identify high-risk eCommerce interactions in real time, which Entersekt said in the release will improve security without impacting the customer experience. It combines behavioral biometrics, machine learning and “insights from billions of anonymous data points” to separate authentic users from potential fraudsters.
The tool comes up with a risk score for an eCommerce transaction during checkout. If there is a little-to-no risk, the transaction continues normally. If there is a risk present, the solution triggers a “step-up authentication process,” according to the release. The solution supports several authentication methods, including in-app push prompts, biometrics and FIDO-certified security keys.
PYMNTS spoke last month with Simon Armstrong, vice president of products at Entersekt, about the need for companies to balance customer experience and security to accelerate the adoption of open banking.
Read more: Open Banking Platforms Strive to Balance Security and Ease of Use
Authentication is a crucial part of that equation, he said. It’s vital to make it crystal clear — and seamless — when customers access third-party services using a bank’s website via application programming interfaces (APIs), and to get the consent of the customer.