How has it helped my organization?
The valuable element is the data that I have. They have a lot of machine fingerprint data and that's data that we miss on non-3D Secure card not present transactions. We see a high value in that. With all the fraud rules that we built, we have a very good false positive ratio because of the big data that CA has.
What is most valuable?
We are using CA Transaction Manager for authentication and have CA's Risk Analytics for rules and case management. As an authentication method, we currently have static password + OTP via SMS (2-factor) and softOTP in our App. SoftOTP is an OTP generator within our own banking app delivered by CA. Soon we are going to migrate from SoftOTP to a new sdk that includes biometrics, also delivered by CA.
What needs improvement?
For CA Risk Analytics, we would like to have some statistics available, to do some counting on the number of transactions for example. Also, to have the ability not only for 3D Secure, but accross all online channels. Online banking and App.
Because then you would have three online channels. You would have the same device data, so you can combine it. So then you would have an online banking platform, an app, and 3D Secure all from one supplier. This supplier would support all of our authentication methods across those three channels.
That's our ultimate goal to have one supplier to support all three online channels.
For how long have I used the solution?
I think we started with this solution in 2003.
What do I think about the stability of the solution?
It's very stable. I know in the beginning when moving from static password to soft OTP there were some bugs. But that's normal. With every new solution, you have to tweak.
What do I think about the scalability of the solution?
Within the Netherlands, if I can speak about the Dutch market, a lot of Dutch internet merchants support 3D, but on a scale of all card not present transactions, only 25 to 30% of the merchants are 3D Secure for card not present transactions. But we would like to see that moving further so that all card not present merchants support 3D Secure.
How are customer service and technical support?
This is very good. We have been in contact because the technical team is in India, so we have a lot of contact with the people over there.
Sometimes, there is a bit of language issue of understanding problems. But normally, project managers who are there to deal with our issues speak very good English and there's a good relationship there.
How was the initial setup?
I think in some migrations from static password to SoftOTP, there was a large impact on cardholders. We also did a biometrics pilot together with MasterCard and CA and it went very smoothly.
What other advice do I have?
Card holders have to step up for authentication. The fraud rates dropped for card not present fraud. We see that the non-3D Secure fraud is rising as well as account takeovers. That's why I think it's very good to have such a product in place.
When selecting a vendor, I want them to be straightforward, do a lot of innovation, and be a step upfront of the issues as needed. I think those are the most key and important things that we expect.