Online Fraud Safety Futures Evolve

Welsh Tech Takes on Online Fraud with a Return to Classic Security

A new payment system, born from a simple family conversation in Monmouthshire, aims to revolutionise online shopping security. The technology brings the familiarity of in-store chip-and-PIN transactions to the internet. An inventor developed the software after his mother-in-law expressed her anxieties about online payment security amid the health crisis. This innovation, called Card Present over Internet (CPoI), allows customers to bring their bank card into contact with their mobile device and then key in their personal identification number to approve a purchase. It sidesteps the need to enter confidential account information into websites, a process that remains a major vulnerability for consumers and retailers alike. Industry leaders have already labelled the system a potential "game changer" for e-commerce.

The Persistent Threat of Digital Fraud

Online retail is built on a model classified under the 'card not present' or CNP transaction principle. This system requires that consumers must provide their sixteen-digit card number, expiry date, and security code to a merchant's website. While convenient, this process exposes a trail of sensitive data that criminals actively exploit. Once these details are compromised, they can be used to make fraudulent purchases across the web. The scale of this problem is immense. According to UK Finance, an organization representing the finance industry, there were over 2.1 million UK incidents of CNP-related deception during 2023. These cases resulted in gross losses exceeding £350 million.

The Cost for Businesses and Consumers

The financial burden of this fraud falls heavily on retailers. Payment processing companies charge merchants higher fees when processing CNP sales due to the heightened danger involved. When a fraudulent transaction occurs, businesses often face chargebacks, where they must refund the disputed amount, losing both the revenue and the product. Some reports indicate that the combined global cost of fraud and chargebacks for online merchants reaches into the tens of billions of dollars annually. This financial pressure can be devastating for businesses of all sizes. The impact on consumers extends beyond monetary loss, causing significant stress and eroding trust in online commerce.

A Very Personal Inspiration

The concept behind CPoI originated not in a corporate boardroom, but from a personal frustration. During the Covid-19 pandemic, inventor Justin Pike witnessed Mary Maddy, his spouse's mother, struggle with online shopping. Confined to her home in Newbridge, Caerphilly county, she found the process of entering her card details online unnerving. She voiced a simple but powerful question: why could she not just use her phone and her card together, similar to a shop transaction, for a more secure feeling? That conversation was the catalyst for Mr. Pike, who already had a background in developing secure mobile payment software for independent traders.

Image Credit - Freepik

Replicating Physical Security Online

The CPoI system fundamentally re-engineers the online payment process. Its name, which stands for 'Card Present over Internet,' describes its core function: its purpose is to duplicate the secure "card present" transaction of a physical shop in a digital environment. When a customer chooses this option at checkout, they are instructed to bring their contactless bank card near their own smartphone. They then enter their familiar four-digit PIN on the phone's screen to authorise the payment. This action leverages the existing security embedded within the card's chip, a system proven for decades in retail environments. The process is intuitive and requires no special app downloads.

Shifting the Liability

A key advantage of the CPoI model is how it handles liability. In standard online (CNP) transactions, the liability for fraud rests with the merchant. This is because there is no definitive way to prove the legitimate cardholder authorised the payment. By contrast, the CPoI system, through the physical interaction of the card and the entry of a PIN, verifies the cardholder's identity. This shifts the transaction into the "card-present" category, where the liability typically sits with the card-issuing bank, just as it does for in-store purchases. This could drastically reduce the financial risk for online businesses.

A Costly Problem Beyond Fraud

Beyond direct fraud, online retailers face another significant financial drain: false positives. These occur when a legitimate transaction is incorrectly flagged as fraudulent by automated anti-fraud systems and is subsequently blocked. This issue is incredibly costly, with one report suggesting it costs merchants hundreds of billions of dollars globally each year. When a genuine customer's payment is declined, it creates a poor experience, and studies show that a large percentage of these customers will not attempt to shop with that retailer again. By authenticating the user upfront, CPoI could eliminate the need for these aggressive and often inaccurate anti-fraud filters.

Image Credit - Freepik

How It Stacks Up to Existing Solutions

Platforms like Samsung Wallet and Apple Pay have already made significant strides in improving online payment security. They use technologies like tokenization, which substitutes private payment specifics with a unique digital token, and require biometric verification such as a fingerprint or facial scan. These methods are highly secure and popular among users of those platforms. However, their use is frequently limited to the proprietary devices of a single corporation and requires users to enrol in the service. CPoI aims to be a more universal solution, working with any standard contactless card and a compatible smartphone.

Simplicity as a Feature

The CPoI system's design philosophy centres on simplicity and familiarity. The company behind the tech, Burbank, highlights that its solution avoids many common friction points in online checkouts. There is no need for separate biometric checks, no waiting for verification codes via text message or email, and no switching between different applications to complete a payment. This streamlined process aims to reduce user frustration and lower the rate of abandoned shopping carts, a major issue for e-commerce sites. The goal is a payment journey that feels as seamless and secure as paying in a local shop.

An Industry "Game Changer"

The potential of CPoI has not gone unnoticed by the global payments industry. The technology's debut in south Wales attracted executives from major international payment platforms, such as payment processors UATP and Elavon. Also in attendance was Transactility, which serves as the business division for jPOS, an open-source payment software used to route transactions across a network spanning over 110 nations. Constantino Voulgaris, the chief executive of Transactility, described the invention as a potential revolutionary development. He noted its benefits for all parties involved, including payment processors, merchants, and, most importantly, the consumer.

The View from the Payments Community

Paul Rodgers of Vendorcom, a group that represents key entities in the commercial payments world, has also highlighted the software's potential. He acknowledged that creators of mobile gadgets have already established a precedent of user trust in their equipment for payments. He pointed to the significant "cost advantage" that CPoI presents for e-commerce businesses. By transforming an online sale into a lower-risk, card-present transaction, merchants could benefit from lower transaction charges from their payment providers. This, combined with reduced fraud losses, presents a compelling financial argument for adoption.

Image Credit - Freepik

Consumer Confidence and Concerns

The ultimate success of any new payment technology hinges on consumer trust and adoption. Shoppers today have mixed views and habits. Some, like a Cwmbran resident named Ruby, are highly conscious of security after family members experienced card fraud. They rely on methods like Apple Pay and look for security symbols on websites. Others, like a man named Gareth who resides in Llanarth, feel more protected using services like Google Pay, which provide virtual card numbers. He noted that his generation has largely grown up with online shopping and has less anxiety about the process. Building broad confidence will be key.

Overcoming Digital Distrust

A significant portion of the population remains wary of digital payments, a fact that CPoI seeks to address directly. Research shows that many consumers are more worried about security when paying online than in-store. This anxiety is particularly prevalent among those who are less comfortable with technology, the very demographic that inspired the CPoI concept. The familiarity of tapping a card and entering a PIN—a process used for nearly two decades in the UK—is a powerful tool for overcoming this distrust. It replaces an abstract data exchange with a tangible, well-understood physical action.

The Thriving Welsh Fintech Scene

The development of CPoI is a significant achievement for the burgeoning financial technology sector in Wales. The region has become an increasingly active hub for innovation, with the fintech industry contributing approximately £1.6 billion to the Welsh economy. The sector now employs around 13,000 people, a figure that has grown by 15 per cent since 2021. Investment is also on the rise, surging from £13 million in 2022 to £70 million in 2023, signalling strong confidence in the region's potential. This environment provides a fertile ground for companies like Burbank to develop and scale globally.

A National Innovation with Global Reach

Major companies are scaling up their operations in Wales. Starling Bank, for example, has significantly increased its workforce in Cardiff. The FinTech Wales accelerator programme, known as the Foundry, is successfully nurturing new companies and has been instrumental in attracting international firms to the country. Justin Pike has stated that a primary objective, should the technology achieve widespread success, is to ensure the Welsh origins of CPoI are widely recognized. This ambition aligns with the broader goal of establishing Wales as a globally recognised centre for fintech excellence.

The Path to Adoption

The team behind CPoI has ambitious plans for its rollout. The technology is live, certified, and ready to scale. Following a successful funding round, the immediate priority is integrating the system with global acquirers and payment service providers who can deploy it rapidly. The technology is designed to integrate directly into existing payment systems, simplifying the adoption process for online merchants. The inventor, Justin Pike, expressed his hope that consumers will begin seeing CPoI appear as a checkout choice on payment pages by the close of 2025. The coming months will be crucial in gauging retailer and customer appetite for this new, yet familiar, way to pay.