Retail is in an awkward in-between stage when it comes to online security. In shifting their purchasing to online options, shoppers are using both desktop computers and mobile devices. Had they moved straight to mobile, authentication options would be numerous, including selfies and other biometric authentication such as fingerprints.
But the National Institute of Standards and Technology's National Cybersecurity Center of Excellence (NCCoE) is trying to bolster security and authentication on desktops and mobile devices. It was spurred to tackle its Multifactor Authentication for e-Commerce project because of the realization that increased security in the physical world (with such steps as cards with EMV chips) means thieves are going to start to focus more on card-not-present transactions.