Products and Solutions

RSA and NIST Agree - MFA a Critical Technology to Secure eCommerce

Aug 17, 2019 | by Michael O'Connor |

As consumer purchases continue to move from brick-and-mortar with new channels facilitating those purchases, fraudsters innovate and take advantage of the opportunities. Businesses offering online sales have had to address the focused fraud attempts and determine which technologies to implement to thwart them, while maintaining a frictionless experience for their customers. Among these approaches, multi-factor authentication (MFA) has proven to be resilient and effective over time.

In 2018, I wrote an article about RSA's collaboration with NIST on an MFA project to help reduce the risk of online fraudulent transactions. At that time, a draft version of the working group document was released for public comment. Over the course of the following year, comments were reviewed and, if salient, incorporated into the final version. NIST Special Publication (SP) 1800-17, Multifactor Authentication for E-Commerce was made available July 30, 2019. You may download the guide without cost in its entirety or in parts by volume.

The guidance provided demonstrates how online retailers can implement MFA to reduce the risk of fraudulent online purchases. Implementing a security solution such as this may help retailers offer greater account security for returning customers, more situational awareness of e-commerce platform functionality, help avoid system administrator account takeovers through phishing, and boost customer confidence in the retailer's commitment to security.

This practice guide demonstrates how commercially available technologies can be integrated with existing tools to provide online retailers with best-of-breed fraud mitigation while minimizing friction for genuine users.

The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses' most pressing cybersecurity challenges.

# # #

Learn more about RSA® Fraud & Risk Intelligence Suite as a best practice for securing customer accounts.