Rules Engine - Fraud Library

The Fraud Practice eCommerce Fraud Consulting Services

Secure tokens use a device to create a unique number to authenticate the end user. Typically these devices have been used in network security, but there are vendors now offering this type of solution for consumer authentication.

AKA. secure tokens, fobs, RSA tokens

You have to own your customer to be effective with tokens ...

How Good Is It? 

The device is a good way to ensure that the consumer is who they say they are. The solution only works when both the consumer and the merchant participate: the consumer must carry a “fob” that produces the unique number, and the merchant must be able to authenticate the number the “fob” created. A fraudster is unlikely to be able to mimic or copy the number, because it changes every minute, but the device itself can be stolen by a fraudster.

Typically this solution is offered by a particular merchant or bank and the consumers can use it at any of the participating merchant locations. If they go outside of the supported merchant base the tool is useless, and the regular fraud-prevention techniques come into play. Market adoption of this type of solution is extremely low.

Secure tokens as a fraud-prevention technique:

  • Doesn’t catch true identity theft cases.

  • Requires the consumer to carry a “fob.”

  • Requires all merchants to support the validation of the number.

  • Is a good method to get non-traditional e-commerce or MOTO customers to make purchases through these channels.

Considerations When Implementing or Buying This Functionality    

  • What type of device or “fob” does the solution offer?

  • Will the device work with any other merchant site?

  • Who provides customer support if the “fob” is defective?

  • How long is the “fob” going to last?

  • Does the device use a unique PIN combined with the fob to increase the security?

Estimated Costs – Moderate

Alternative Solutions –  Smart cards, consumer authentication

Vendors – Cardinal Commerce, RSA

How Does it Work?  

The merchant or bank issues the consumer a “fob.” This is a device the size of a key that creates a unique number every minute. These fobs come in different sizes and shapes, and you can get them as key rings or credit cards. The consumer is also issued a PIN to use with the unique number.

When the consumer is ready to make a purchase, he or she goes to a merchant that supports the technology, chooses what to buy and starts the check-out process. During check-out, the consumer is asked for the PIN and the unique number generated by the fob. The merchant will likely call a third-party service whose application can compute the exact number the fob should be showing and check whether the number provided by the consumer matches. If it matches, you have authenticated the consumer. If it does not, you would reject the order or attempt another authentication technique.

How Do I Use the Results?  

If the consumer can authenticate via the secure token, then you would accept the order. If the consumer cannot authenticate, you would reject the order. If a consumer is not using the secure token, you will need processes in place to catch fraud on those orders.

If you support this type of solution, you should also set up a process to confirm, for an order placed without a token, that the card is not supposed to be using one. This will prevent you from processing an order on a card that was stolen from a consumer and is being used fraudulently.
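The check-out validation and order decision described in the two sections above, sketched as an added example that is not The Fraud Practice's or any vendor's code. It assumes the fob number is an RFC 4226/6238-style HMAC one-time code on a 60-second step (commercial fobs may use proprietary algorithms); `TokenVerifier`, the card IDs, seed and PIN are hypothetical, constructed values.

```python
import hashlib, hmac, os, struct

STEP = 60  # seconds; the page says the fob shows a new number every minute

def fob_code(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) value for one time step; assumed stand-in for the fob's algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class TokenVerifier:
    """Hypothetical validation service holding each enrolled card's seed and PIN hash."""
    def __init__(self):
        self.cards = {}  # card_id -> seed, salt, PIN hash, last accepted time step

    def enroll(self, card_id: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self.cards[card_id] = {"seed": seed, "salt": salt,
                               "pin": _pin_hash(pin, salt), "last": -1}

    def decide(self, card_id, pin, code, now: float) -> str:
        card = self.cards.get(card_id)
        if card is None:
            return "FALLBACK"  # not a token card: regular fraud screening applies
        if not pin or not code:
            return "REJECT"    # enrolled card presented without its token
        pin_ok = hmac.compare_digest(_pin_hash(pin, card["salt"]), card["pin"])
        current = int(now) // STEP
        for counter in (current, current - 1):  # allow one step of clock drift
            match = hmac.compare_digest(fob_code(card["seed"], counter).encode(),
                                        code.encode())
            if match and pin_ok and counter > card["last"]:
                card["last"] = counter          # burn the step so it cannot be replayed
                return "ACCEPT"
        return "REJECT"

if __name__ == "__main__":
    v = TokenVerifier()
    v.enroll("card-A", b"12345678901234567890", "4321")   # constructed sample data
    print(v.decide("card-A", "4321", fob_code(b"12345678901234567890", 1), now=70))
    print(v.decide("card-A", None, None, now=70))          # enrolled card, no token
```

The `REJECT` for an enrolled card that arrives without a token is the process the last paragraph calls for; `FALLBACK` hands non-token orders to the regular fraud checks.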

Building This In-House 

N/A

Property of The Fraud Practice, all rights reserved, no unauthorized duplication, reproduction or distribution without the express written permission of The Fraud Practice.