The National Institute of Standards and Technology (NIST) is seeking comments on its new practice guide for the e-commerce sector, “Multifactor Authentication for E-Commerce.” The new guide is being released after a recent Experian study found that e-commerce fraud attacks in the United States increased by more than 30% in 2017.
Through its National Cybersecurity Center of Excellence, NIST has worked with stakeholders in the retail sector on a draft practice guide that focuses on using multifactor authentication to reduce fraudulent online purchases. The guide offers risk-based scenarios and aims to help retailers identify fraud. According to NIST, if certain risk elements are exceeded in a transaction, there is an increased likelihood that fraudulent activity is taking place.
In such cases, purchasers would be required to present another distinct authentication factor, or something that only the purchaser has, in addition to their username and password.
NIST says that the practice guide can help organizations reduce fraudulent online purchases, show customers that the organization is committed to security, help avoid account takeovers through phishing and assist entities in implementing cybersecurity solutions using a step-by-step process.
The public comment period for the guide closes on October 22, 2018. Read the guide and leave a comment here.