Yahoo Stores features ‘automatic’ PCI compliance for secure payments, among other options.
(Page 2 of 3)
First Data is collaborating with Orbiscom on marketing materials and is inviting First Data’s card-issuing customers to forums where they can test the technology. Tsuei says the product is entering acceptance testing in the second quarter and should be available to clients by mid-year, when the company plans to step up advertising and additional sales and marketing efforts.
In February 2000, Discover Card Services became the first card issuer to employ disposable card technology. The company uses Orbiscom’s technology, which Discover calls the Single Use Card Number product, as part of its online DeskShop program. Discover recently implemented its third version of the product, which the company says cardholders are accepting in record numbers.
“Usage of Deskshop is up substantially since we introduced the new version,” says Colleen Zambole, vice president of e-commerce at Discover. The company reports that in the first three months of the 3.0 launch (November, December and January), transaction volume for the product increased 522% compared to version 2.0’s first three months a year ago. “The average ticket is higher so people feel secure enough to spend more. People don’t worry about security and then decide not to complete their online transaction,” she says. Discover and Orbiscom co-market the card using e-mail promotions and sweepstakes for consumers who download the software, says Zambole
New York-based American Express Co. also offers single-use card technology with its proprietary Private Payments product, which it launched in fall 2000. One of the first card companies to develop a disposable card number security option, AmEx requires cardholders to go through its web site to access the Private Payments product before shopping online.
In spite of the backing of such important credit card organizations as American Express, Discover, MBNA and First Data, single-use card numbers face significant barriers to widespread market acceptance. For one thing, they seem to compete with MasterCard’s and Visa’s identification-verification systems in providing issuers and consumers with an online security method. The card associations have the added benefit of being able to mandate acceptance in the form of adjustments to fees and interchange revenue for members who use the verification services. “Programs from Visa and MasterCard are likely to supersede disposable card number options mainly because merchants and issuers will be forced to comply with the new security systems,” says Ken Kerr, a research analyst at The Gartner Group Inc., Stamford, Conn.
Programs like Verified by Visa and MasterCard’s Secure Payment Application are more complex systems aimed at authenticating the actual cardholder. They operate by asking for a registered password during a transaction. The card-issuing bank authorizes the password before approving the transaction. MasterCard and Visa claim that having the issuing banks take responsibility for the customer’s transaction mitigates the risk of chargebacks for merchants. On the other hand, single-use card numbers are aimed at encouraging security-conscious consumers to shop online by masking their card numbers online. While the goal of Visa and MasterCard is to spread liability among all the parties involved in online transactions, the goal of single use cards is to make consumers more comfortable with using cards online so they can get more online shoppers or get shoppers to buy online more frequently.
Another big difference is the level of investment. The Visa and MasterCard programs will require everyone in the online transaction process to comply with a system upgrade to support the program. That means banks have to market it to consumers, consumers have to sign up, banks have to add information fields in their authorization connection, the processors have to send more information back and forth and the merchants must install software to accept such transactions.
MasterCard and Visa have traditionally considered it their jurisdiction to dictate how banks must upgrade systems to improve transaction security and both associations are setting deadlines for compliance within the next two years. But several banks and retailers already have voiced objections to adopting the card associations’ systems without proof that they will mitigate fraud, observers say.
With single-use card numbers, only the issuing bank and consumer have to do anything and in both cases, it’s the decision of each party whether to utilize it. Furthermore, it is not onerous to install for either party. Vendors say it takes only a few minutes to download the software necessary for banks to issue the numbers. And consumers, who already have shown that they want to use a security measure to shop online, must download a small applet onto their desktops.
MasterCard’s Secure Payment Application program, which will be mandated as part of routine system upgrades in April, should not be onerous to system users either, the association says. “Merchants simply need to implement hidden fields on the web site to collect authentication data from the issuer security solution, and once collected as part of the order submission process, the merchant passes this authentication data to their acquirer as part of the authorization request message,” says Bruce Rutherford, vice president of e-business and emerging technologies. MasterCard is also partnering with leading technology vendors and payment service providers to enable their infrastructures to simplify merchant implementations and enable their gateways to MasterCard acquirers.
On the issuing side, MasterCard is working with vendors to help bank members and merchants add the Secure Payment Application to their existing infrastructures. Pricing will vary depending on which vendor technology solution is selected and if the issuer has already deployed a client-based solution, in which case the Secure Payment Application would just need to be integrated. “SPA leverages existing issuer security programs, minimizing integration and deployment costs for merchants, acquirers and issuers,” says Rutherford.
MasterCard and Visa, though, need to back up their programs with incentives for merchants to implement them, says Avivah Litan, vice president and research director of Gartner Inc.`s GartnerG2 research group. Although the associations are planning reduced fees, she says merchants will continue to pay higher fees for Internet payments: 2.5% on average for the web vs. 1.5% in stores. " Consumers are interested in using these new security systems, which can significantly reduce online fraud," she says. "The credit card companies should back up their belief in these systems by lowering fees for all merchants who support them."