Verified by Visa and MasterCard SPA Value Eludes E-Tailers

Similar documents
A report showing the merchant s settlement. The acquirer settlement report is generated by the acquiring bank at the end of every billing cycle.

Recognizing Credit Card Fraud

Cardholder Authentication Guide

Visa s Approach to Card Fraud and Identity Theft

Managing Chargebacks. April 2016

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

American Express SafeKey Frequently Asked Questions

PayStand s Guide to Understanding ACH and echeck. How to Receive Direct Bank Payments Online

Community 25, Near DPS Int. School, Dawhenya, Tema Box OS 1745, Osu-Accra USER AGREEMENT

Tips for Preventing Credit Card Fraud and Avoiding Chargebacks

Handling Debit Card Chargebacks

COM W. Rishel

Rapport ECB Recommendation on Security for Internet Payments Swedbank Response Specification/version: v

A to Z Jargon buster. Call +44 (0) to discuss your upgrade options

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

NATIONAL PAYMENT AND SETTLEMENT SYSTEMS DIVISION

UPCOMING SCHEME CHANGES

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security

Visa Rewards. Consumer and Commercial Cards Terms and Conditions

card fraud business Helpful information for Merchants Avoiding card fraud

RentWorks Version 4 Credit Card Processing (CCPRO) User Guide

U.S. BANK FOCUS CARD. Frequently Asked Questions. The Focus Card. What is the Focus Card? How does the Focus Card work?

Managing Chargebacks

D.L. Evans Online Banking & Electronic Document (E- Document) Agreement & Disclosure

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process

Data Breach Financial Protection Program Terms and Conditions

Ball State University

GUIDE TO BENEFITS MERIDIAN VISA * CASH BACK CARD M40001 (11/16)

Selected Terms & Conditions for Wells Fargo Business Debit, ATM and Deposit Cards

Chargebacks. Your guide to reducing the hassle and cost of chargebacks.

HOW TO COMPARE CREDIT CARD PROCESSORS

Operating Procedures/Guide

3D Secure Frequently Asked Questions

Vancity and Citizens Bank Visa * Cards

TERMS AND CONDITIONS The website is owned and operated by YUKON GLOBAL LTD GLOBAL GATEWAY 8, RUE DE LA PERLE, MAHE, SEYCHELLES. Use of the Website

CONSUMER FRAUD GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Exactly what kind of bank is South State Bank?

Notification of Rights for Texas Consumers

VIRTUAL BRANCH DISCLOSURE

Smart Tuition Addendum

SunGard Will Build Insurance Portfolio Through Acquisition

Sussex Bank Online Banking Agreement. Our Agreement

UPCOMING PAYMENT SCHEMES RULES CHANGES

Sage ERP I White Paper

Using a terminal to process card transactions

PREPAID CARD GLOSSARY

COM K. Harris

AN 1213 Revised Standards Signature Requirements

Payment Card Acceptance Administrative Policy

Master Service Agreement

GUIDE TO BENEFITS MERIDIAN VISA * PLATINUM CASH BACK CARD M40002 (11/16)

THE STATE OF CHARGEBACKS: 2018 REPORT

Blackbaud Merchant Services TM Portal Features Overview Transaction Management Through the Blackbaud Merchant Services Web Portal

Southwest National Bank Internet Banking Agreement

Purchasing Card (PCard) Guidelines

Neighborhood Credit Union Electronic Fund Transfer Disclosure

Demystifying Credit Card Processing for Nonprofits

What you need to know about credit card processing? The basics of credit card processing? A diagram showing the flow of data authorization

ATM/Debit. Terms and Conditions

Office of Privacy Protection Safeguarding Information for Your Future

Vancity Credit Card Agreement (for Business Use)

TERMS & CONDITIONS FOR INTERNET BANKING SERVICES

VISA RELOADABLE PREPAID CARD TERMS AND CONDITIONS

TERMS AND CONDITIONS FOR BIDELLUS NIGERIA LIMTED

MULTI-ECHELON SUPPLY CHAIN VISIBILITY. CERTIFICATION OF PEOPLE AND MACHINES. SOFTWARE LIFECYCLE MANAGEMENT.

Bank of Ireland is regulated by the Central Bank of Ireland. Contactless R.6 (01/18)

Business Online Banking Services Agreement

How Will the Distributed Ledger Change the Customer Experience?

ALLIED WALLET DIRECT 3D

Chapter 6 - Credit. Section 6.1

A Simple and Secure Credit Card-based Payment System

Selected Terms & Conditions for Wells Fargo Consumer Debit and ATM Cards

Strong Customer Authentication and PSD2

Secure Payment Transactions based on the Public Bankcard Ledger! Author: Sead Muftic BIX System Corporation

TRAVEL CARD PROGRAM POLICY AND PROCEDURES. West Chester University

FIRST NORTHERN BANK & TRUST ONLINE BANKING AGREEMENT

TERMS AND CONDITIONS:

Cumberland Valley National Bank & Trust Company Mobile Deposit User Agreement

Law Department Budgeting and Forecasting. How to Plan, Implement and Benefit From a Formal Budgeting Process

A Primer on B2B Credit Card Processing

Office of Foreign Assets Control FSP Compliance Trends

KANSAS CITY SYSTEM UPGRADE GUIDE

EXCEL FEDERAL CREDIT UNION S Online Banking External Transfer Authorization and Service Agreement

CREDIT CARD AGREEMENT REGULATED BY THE CONSUMER CREDIT ACT 1974

Why was my credit card declined?

ATTENTION: SECTION 8 CLIENTS WHO RECEIVE UTILITY ASSISTANCE PAYMENT Posted: November 2017

The Savings Bank's Online Banking Electronic Service Agreement and Disclosure

2008 Payments Conference

TERMS AND CONDITIONS FOR PAYU PAYERS

EMV Chargeback Best Practices

Any symbols displayed within these pages are for illustrative purposes only, and are not intended to portray any recommendation.

Visa Reloadable Prepaid Card Terms And Conditions

07/21/2016 Blackbaud CRM 4.0 Revenue US 2016 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form

GUIDE TO BENEFITS MERIDIAN VISA * US DOLLAR CARD M40006 (11/16)

CONEXT VISA PREPAID CARD FREQUENTLY ASKED QUESTIONS (FAQs)

Webinar sponsored by:

Provided with permission to Mauch Chunk Trust Company Source: Security Breaches & Identity Theft Consumer Survey presented by RateWatch

On-Line Banking Agreement (Consumers Only) Please Retain For Your Records

Payment Card Security Policy

Chargeback Reason Code List - U.S.

Transcription:

Markets, A. Litan Research Note 20 September 2002 Verified by Visa and MasterCard SPA Value Eludes E-Tailers Payer authentication by Visa and MasterCard offers value for consumers, "e-tailers," issuers and merchant acquirers. Justifiable skepticism of the value proposition is limiting support and may cause the new systems to flounder. Core Topic Financial Services: Financial Services Architectures and Emerging Technologies Key Issue Which vendors and technologies will emerge to drive change in financial services' channel architecture? Strategic Planning Assumption By 2004, greater than 70 percent of large e- tailers will support an integrated MasterCard and Visa payer system (0.8 probability). During the past 12 months, Visa and MasterCard have been busy developing, promoting and implementing payer authentication protocols that promise to protect consumers, electronic retailers ("e-tailers"), card issuers and merchant acquirers from increasingly sophisticated online credit card fraud. In February 2002, greater than 5 percent of online adult consumers reported that they had been victimized by credit card fraud during the preceding 12 months. In June 2002, e-tailers reported that online fraud constituted 1.06 percent of all of their online transactions (compared to some 0.06 percent for in-store sales), according to Gartner research. It is clearly in the interest of all parties to lower the level of online fraud. However, leading e-tailers say the value of implementing these systems remains elusive, and they remain justifiably skeptical of the fraud protection they will receive at least in the short run from the credit card companies. Payer Authentication System Background With perpetually high fraud rates and an increase in the number and sophistication of fraud attacks, e-commerce provides fertile ground for the payer authentication protocols being implemented by Visa Verified by Visa (VBV) and MasterCard MasterCard Secure Payment Application (SPA). Under their competing platforms, consumer identities are verified by the credit card issuer using user identification codes and passwords (the systems also support public key infrastructure and smart cards) when the consumer makes an online credit card payment. Visa heavily advertised VBV in an extensive marketing campaign during the 2002 Winter Olympic Games and Super Bowl. The advertising may have paid off, because consumers show a healthy level of interest in using the VBV and MasterCard security systems (see Figure 1). Gartner Entire contents 2002 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

Any security scheme Figure 1 Current/Planned Consumer Use of Security Schemes 26 43 VBV 14 3.9 22 Mastercard SPA 12 3.8 22 Percentage of all online users Percentage of fraud victims Disposable card numbers Digital certificates and keys on PC Digital certificates and keys on smart card Source: Gartner Research 6 3.7 14 Protection Rating 7 3.4 11 6 3.4 9 0% 10 20 30 40 (Base: Online adult consumers, February 2002; multiple responses allowed Protection rating: Scale of 1 to 7; 7 is the highest perceived protection) Still, payer authentication applications face major hurdles in gaining consumer acceptance. They require that dozens of leading, and hundreds of second-tier, credit card issuers actively promote the system to their cardholders to gain widespread enrollment. (This is in direct contrast to complementary and competing identity services, such as Microsoft Passport, where enrollment occurs by default when the consumer uses a Microsoft online service like Hotmail or the Windows XP operating system. Microsoft just announced a partnership with Arcot Systems, which supports VBV and MasterCard SPA applications for card-issuing banks, that will enable the banks to use a Passport user identification and password to feed into its payer authentication system so that users can have just one identification. This could potentially lead to more-ubiquitous distribution of payer authentication services through the Passport channel, although that is not in anyone's published project plans as yet). VBV is already live with 6,000 issuing banks and credit unions, including five out of the top 10 banks. However, consumer adoption is still just trickling in. The payer authentication applications have technical issues that could potentially turn consumers away. For example, VBV is based on a centralized Visa directory. Authentication of a consumer which occurs before payment authorization 20 September 2002 2

requires several messages across the Internet, potentially making the system susceptible to failed connections. Under VBV, e-tailer software manages the transition from consumer authentication to payment authorization, making the e-tailers fully responsible for the integrity and security of the transactions. Market Drivers: The Subtleties Disfavor E-Tailers Today, e-tailers pay credit card acquirers fees that average 2.5 percent of every online transaction, or approximately 65 percent more than the average 1.5 percent that retailers pay for in-store credit card transactions, according to Gartner Research. On top of the higher fees, e-tailers must absorb the cost of fraud and chargeback (when a consumer denies a charge); in the physical world, card issuers absorb the cost of fraud and chargeback as long as the merchants keep a signed receipt of the purchase and can prove it was made. Credit card issuers clearly favor today's online payment rules they earn higher fees and are not liable for chargeback. Higher fees are warranted because online payments and other card-not-present transactions (such as mail and telephone orders) are riskier and susceptible to fraud, and card issuers get involved in costly investigations. Optimally, card issuers would like to reduce online fraud levels, thereby boosting consumer confidence in using credit cards online and increasing their cards' market share, but keep the fee structures and liability rules the same. This is especially true because the card companies remain unconvinced that the new payer authentication protocols will become pervasive and reduce high fraud levels. Behind the scenes, however, e-tailers hold the key to successful adoption of payer authentication applications. If e-tailers don't promote these systems, consumers won't have anywhere to use them. To ensure that they do, Visa (which has been more aggressive than MasterCard) has been courting the Web's leading e-tailers and, according to many of those e-tailers that Gartner has spoken to, has offered to pay e-tailers for the entire VBV implementation along with other incentives. Many e-tailers have jumped on board and their intended adoption of payer authentication systems is growing at a healthy rate (see Figure 2). 20 September 2002 3

80% Figure 2 Merchant Adoption of VBV and MasterCard SPA 70 60 50 40 30 20 Current Plan YE02 Plan YE03 10 0 VBV MasterCard SPA Base: Large e-tailers, June 2002 (Each year includes data from previous years) Source: Gartner Research Most significantly, Visa has promised that in 2Q03, it will shift the liability for fraudulent transactions to card issuers, as long as the e-tailer accepts VBV transactions. All liability will shift, Visa has promised, even for transactions that do not use the system. In April 2002, MasterCard shifted liability to card issuers for intra- European transactions, as long as the merchant and its acquirer support the MasterCard Universal Cardholder Authentication Field protocol, which enables MasterCard SPA. In November 2002, MasterCard will globally shift liability to issuers and reduce interchange fees for all authenticated intercountry transactions. Many leading U.S. e-tailers, however, are still considerably skeptical toward the credit card companies. They report that for years, in the online and offline world, they have not been allowed to get copies of credit card regulations enforced by card issuers, even though they have to sign contracts that they will abide by the regulations. They say they are often cited for breaking rules that they cannot even read. E-tailers are justifiably skeptical of the card associations' promises to shift the liability for chargebacks to issuers when merchants accept VBV or MasterCard SPA. They cite similar promises that were made (but never carried out by acquirers or regulators) if they implemented checks for card verification codes from the physical card on their Web sites. They are also wary that credit card issuers will start classifying chargeback and fraudulent transactions under codes not covered by the rules that will shift liability to the issuer. The shift in liability is only valid for certain chargeback codes the ones most commonly used to date but card issuers can potentially classify them under other 20 September 2002 4

codes that are equally valid but not subject to chargeback liability shift so the merchant still retains financial responsibility for the loss. Online merchants also report that the latest release of the VBV system requires that consumers using credit cards from a few leading U.S.-based Visa card issuers use VBV to make a purchase, whether or not the e-tailer needs it to protect against fraud. E-tailers complain that for repetitive customers especially, whom they can identify through other electronic means, this extra step is unnecessary and only inconveniences the consumer. This release has not yet been implemented. Recommended Reading and Related Research "Consumers Embrace Online Credit Card Security Systems" "Missing Identities: The Truth Behind Web- Identity Services" "Making Sense of Online Card Authentication Schemes" (www.gartnerg2.com/research/rpt-0902-0158.asp) "Online Transaction Fraud and Prevention Get More Sophisticated" (www.gartnerg2.com/research/rpt-0102-0013.asp) Acronym Key SPA VBV Secure Payment Application Verified by Visa The justified concern and skepticism that leading e-tailers have about VBV and MasterCard SPA will surely hamper universal cardholder adoption of these applications. Nonetheless, assuming these systems continue to improve technically so that they do not slow down the consumer checkout process and instill consumer confidence, merchants are better off supporting payer authentication. In the end, if the systems work as they are supposed to, fraud will be reduced and merchants will receive guaranteed payments, benefiting all parties involved in online credit card transactions and enabling global e-commerce to grow. Unfortunately though, e-tailers are bearing more than their fair share of the costs of implementing these systems, which will drive them to seek alternative online payment instruments. Bottom Line: Visa should follow MasterCard's lead by lowering fees on authenticated transactions; and both should lower rates for all protected transactions, not just a select subset, as MasterCard has started out with. Both associations should make sure liability shifts to issuers take place as advertised. Otherwise, competing e-payment systems will gain ground with the e-tailers, and card companies will surely lose market share rather than gain it through the implementation of much-needed payer authentication. 20 September 2002 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback