[Dave Birch] As was discussed here absolutely ages ago, something has gone fundamentally wrong with the payment schemes efforts to cut card-not-present (CNP) fraud on the Internet by introducing 3D Secure (in the form of Verified by Visa and MasterCard SecureCode) to the masses. It’s this: reasonably intelligent customers who are concerned about the security of their internet payment transactions find it impossible to distinguish 3D Secure dialogues from phishing attacks. They can’t tell whether the request they get when shopping to register their card with Visa or MasterCard is a scam, or for real! So what are consumers to do? They can’t tell the difference between a site that’s doing what it should and a phishing attack, they see crashes when they visit financial services organisations web sites (which must undermine confidence) and even if they take the trouble to understand SSL and certificates, they are presented with meaningless gibberish from companies they have never heard of (what does “Verisign” mean to my Dad?).

Technorati Tags: , , ,

This is a really interesting case study and I want to learn as much as possible from it. Now, I can see why consumers don’t care about 3DS. After all, their internet card payments are protected: if someone uses my credit card number on the web somewhere, I don’t much care because my issuer will refund the money (I have never had a problem with this with any of my issuers) and send me a new card if necessary. It doesn’t cost me anything. This is one of the reasons why I only ever use my credit card to buy stuff online and simply cannot understand why anyone ever uses a debit card — or even more unbelievably, a cheque — to buy anything, let alone anything online. All 3DS means to me as a consumer is hassle. But to the merchant 3DS is more straightforward and hence the current situation is more puzzling: 3DS to a merchant ought to be a no-brainer because if they offer 3DS then they are covered against chargebacks for all transactions, not just the 3DS ones. So it would seem rational to me that merchants should provide incentives to get me (the customer) to use 3DS. But they don’t. They seem to be losing a lot of money to fraud, yet more than half say they’ve no intention of implementing 3DS because it’s too complicated for consumers. I know that online merchants are concerned that additional clicks lead to abandoned carts but is the drop off rate so high? And if it is, what could be done to educate consumers more effectively to continue with 3DS authentication and not give up and click away? Or, and I hate to say it, should Visa and MasterCard sit down and rethink the whole approach?

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

1 comment

  1. [Norman Frankel] Actually VbV and 3DS does not transfer the liability off the merchant in its entirety – although that is the way it is sold to the merchant – there are categories not covered such as many prepaid transactions, there are volumes of fraud above which you drop out of the liability shift programme and at the end of the day the shift covers 80% of the 50 or so reason codes – the other 20% are not covered so the liability in these scenarios (albeit limited) remain with the merchant.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: