Alasdair Rambaud, CardinalCommerce "Fraud isnt going anywhere - it is here to stay, increase, and be sophisticated"

Which are the basic steps that consumers and companies need to take into account to avoid data breaches and other security incidents?

I think one of the main steps is to make sure that they are working really carefully with the card numbers and they are not storing any of them, as many companies have outdated software which grabs card data. Fraudsters can find thousands or millions of card numbers stored when companies had no idea they were because of a piece of software that was put in five years ago and it was capturing all the data that went by. Those incidents have a huge risk for companies.

Still, there are companies with developed software that can tell you if there are any card numbers anywhere and they always find things. Companies must be much more conscious of it and make use of this kind of tools, as this is becoming a problem even among smaller merchants.

Companies should also be more conscious around how they operate and review what they do. Outsourcing is a solution and it is a lot cheaper than a data breach. Tokenization is also a good way to protect your business and, as storing card numbers today is increasingly becoming a liability, companies should think twice if it really should be encrypted.

Your company has recently stated that mobile shopping “isn’t going anywhere but up”. What is the effect that the rise of m-commerce and m-payments has over fraud?

There are two types of mobile commerce: there is mobile browser commerce and there is app commerce.

Mobile browser commerce is really about the look and how you, as a merchant, display correctly to a variety of screen sizes for customers - and there are challenges in a checkout processes. If someone is asked to put in the card number and cannot read what fields are required or have to scroll six times, it is definitely not so user-friendly. Mobile browsing is really a matter of having a responsive design, and that is what enables commerce.

The other matter is around security, as a lot of security tools are already created for web and HTML. For an app, there are solutions that do not work, like the 3D Secure protocols, and you have to modify it for app traffic. Many vendors out there do not know how to do that, so they are turning it off, making the channel more vulnerable to fraud. In an HTML online transaction, you can capture the IP addresses and browser credentials, but when you are dealing with a mobile device, you do not have all of the traditional data, so you really have to rethink what you are capturing and work with other companies that have other available information to do your fraud screening. I think companies that do not do well in mobile commerce are the ones that use their regular web solutions and just apply them mobile. This is not a good way to proceed, you need to have a separate mobile strategy, and use, in some cases, a different type of fraud tool.

Did you ever encounter this kind of issue?

Yes, we have: and we have seen two sides: those who figure it out and do amazing mobile browsing, who build specific things to really optimize mobile and, on the other side, those who are still struggling. And you see this from the adoption rates, some customers go to 50-60% mobile adoption and others do not, and it is not because customers do not want to, it is because their apps are not optimized, thus missing a lot of mobile commerce opportunities.

Have the general attitudes about consumer authentication and its adoption changed over the past years and how?

Three years ago, when I joined Cardinal, when you mentioned the 3D Secure everybody was reluctant, because of the huge abandonment. I remember people saying “I have a pretty good solution, I have only 15% abandonment.” Today, this would be unacceptable. First, the technologies changed, but the perception lags behind the technology. For example, when we launched Consumer Authentication in March of 2013, it took a while for people to understand what we were doing and it was really towards the end of 2014 – 2015 when most of the large merchants understood what we were doing and embraced it.

Today, we have Customers who thought they would never run a solution that involves 3D Secure, not only applying it, but being happy with it, seeing good results and a reduction in fraud. Even the first version of it that came out in March 2013 was not the same as the one today and it will not be the same in a year’s time. We are constantly improving the tool as we go, and that is what changed the perception. You can see the change of perception in the US, the UK, and now we can see the shift in the other countries: Germany, France and more.

You have recently launched a report dubbed EMV: The Deadline Has Passed. Now What? According to your findings, what steps should merchants take to protect themselves from CNP fraud?

A lot of merchants are focused on EMV, in protecting the offline channel, but do not put the same effort for the online environment, and we warn them that’s where they are going to be hit hard. Since October, CNP fraud now is the place to go and merchants saw a significant increase in fraud attempts.

Merchants are killing more transactions and that is not the way to go, but they are still so afraid of fraud and this is seen in that mindset. For example, there are many countries where you cannot shop virtually cross-border and that is incredibly frustrating. If they want to keep customers and expand globally, this is not the way to do it. I heard merchants saying: “When it is the US, we just block them, because there is too much fraud there”, to which I reply: “Do you realise there are over 300 million people in the US?”. And it is the same thing for European people on US websites. I think there are a lot of improvements to be made, as you cannot put a bulletproof door, while leaving the windows open. But I think, finally, they are realizing that they need to do something about the CNP channel.

Cardinal Commerce has attended both the MRC Vegas and MRC Europe events. After the presentations, which are, in your opinion, the main trends in ecommerce fraud prevention for 2016?

In terms of fraud, the main take-away is that it is not going anywhere. Fraud is here to stay, increase, and be sophisticated. I was talking with a group of merchants and they were saying “it is not about what tool you choose, it is about how you use it and how that tool is going to evolve.” Working with vendors means you have to constantly innovate. Even if you buy the best tool that is on the market, it is important to constantly invest in that tool. One of the things we take pride in is that, as we learn together with our merchants, we improve our service offering and our products. We have hundreds of developers that help us refine our product and make it more user-friendly constantly, because ultimately, our customer is the manager.

About Alasdair Rambaud

Alasdair has spent almost 20 years in the Payments industry in various roles ranging from General Management and Sales Leadership to Finance & Technologies. In these various roles, he has proven himself for his commitments to customers and his ability to be a visionary. He has received numerous Leadership Awards throughout his career.

Alasdair is currently Senior Vice President for Merchant Services at CardinalCommerce, where he manages the global merchant business. He has been instrumental in Cardinal’s expansion of their sales organization, and Cardinal has expanded Cardinal Consumer Authentication in the US and Internationally.

Mr. Rambaud holds a degree in Business Economics from the “Universite de Reims Champagne-Ardennes” in Reims France.

About CardinalCommerce

CardinalCommerce is the pioneer and global leader in enabling authenticated payment transactions in the card-not-present payments industry, and the largest authentication network in the world. Through One Connection to Cardinal, we enable friction-free, technology-neutral authentication and alternative payment services (including digital wallets and mobile commerce services). CardinalCommerce is headquartered in Cleveland, Ohio and services a worldwide Customer base from facilities in the United States, Europe and Africa. Read more about the company here.