About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Stickers are the future, I'm telling you | Main | Don't do as I do »

Education policy

By davebirch posted Jul 10 2007 at 5:37 PM
[Dave Birch] As was discussed here absolutely ages ago, something has gone fundamentally wrong with the payment schemes efforts to cut card-not-present (CNP) fraud on the Internet by introducing 3D Secure (in the form of Verified by Visa and MasterCard SecureCode) to the masses. It's this: reasonably intelligent customers who are concerned about the security of their internet payment transactions find it impossible to distinguish 3D Secure dialogues from phishing attacks. They can't tell whether the request they get when shopping to register their card with Visa or MasterCard is a scam, or for real! So what are consumers to do? They can't tell the difference between a site that's doing what it should and a phishing attack, they see crashes when they visit financial services organisations web sites (which must undermine confidence) and even if they take the trouble to understand SSL and certificates, they are presented with meaningless gibberish from companies they have never heard of (what does "Verisign" mean to my Dad?).

Technorati Tags: , , ,

This is a really interesting case study and I want to learn as much as possible from it. Now, I can see why consumers don't care about 3DS. After all, their internet card payments are protected: if someone uses my credit card number on the web somewhere, I don't much care because my issuer will refund the money (I have never had a problem with this with any of my issuers) and send me a new card if necessary. It doesn't cost me anything. This is one of the reasons why I only ever use my credit card to buy stuff online and simply cannot understand why anyone ever uses a debit card -- or even more unbelievably, a cheque -- to buy anything, let alone anything online. All 3DS means to me as a consumer is hassle. But to the merchant 3DS is more straightforward and hence the current situation is more puzzling: 3DS to a merchant ought to be a no-brainer because if they offer 3DS then they are covered against chargebacks for all transactions, not just the 3DS ones. So it would seem rational to me that merchants should provide incentives to get me (the customer) to use 3DS. But they don't. They seem to be losing a lot of money to fraud, yet more than half say they've no intention of implementing 3DS because it's too complicated for consumers. I know that online merchants are concerned that additional clicks lead to abandoned carts but is the drop off rate so high? And if it is, what could be done to educate consumers more effectively to continue with 3DS authentication and not give up and click away? Or, and I hate to say it, should Visa and MasterCard sit down and rethink the whole approach?

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef00e008d5d3718834

Listed below are links to weblogs that reference Education policy:

Comments

[Norman Frankel] Actually VbV and 3DS does not transfer the liability off the merchant in its entirety – although that is the way it is sold to the merchant – there are categories not covered such as many prepaid transactions, there are volumes of fraud above which you drop out of the liability shift programme and at the end of the day the shift covers 80% of the 50 or so reason codes – the other 20% are not covered so the liability in these scenarios (albeit limited) remain with the merchant.

The comments to this entry are closed.