A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
With a change in rules and their own early experience, retailers are slowly embracing Verified by Visa and MasterCard SecureCode.
The retailer verdict on Visa’s Verified by Visa and MasterCard’s SecureCode? So far, Internet retailers report, these programs look promising in terms of reducing fraudulent credit card transactions and increasing consumer confidence in shopping online. But there are still bugs to be worked out and more cards need to be involved before the real benefits can be gained.
The two programs initiated by Visa and MasterCard require consumers to enter a password when making a credit card purchase online. The password authenticates the identity of the cardholder. For retailers, these programs hold a number of potential benefits. For starters, MasterCard and Visa are optimistic that they can reduce fraudulent transactions by preventing a shopper from using someone else’s card number without permission. For another, they believe that consumers who had held back on shopping online due to fraud concerns will go ahead if they know their card numbers are protected.
Even beyond such theories, there are some up-front benefits for participating retailers. Visa promises that retailers will no longer be responsible for fraudulent transactions on sales run through the program, even when the issuer does not participate, as long as the retailer does its part. Furthermore, Visa is offering a lower interchange rate to retailers on transactions secured by its program-5 basis points below the standard card-not-present rate. MasterCard offers protection when both issuer and retailer participate. MasterCard won’t discuss its interchange rate.
But for both programs to reach their full potential, a large number of card issuers, cardholders and retailers need to participate. And some view that as the biggest obstacle. Still, Visa, which got the jump on MasterCard by implementing its program a little more than a year ago, reports that worldwide, 7,000 merchants are participating. In the U.S., Visa has 3,000 merchants with 9,000 issuers who have 200 million to 250 million cards registered in the program out of 450 million Visa cards in the U.S. MasterCard reports 9,000 worldwide merchants participating in SecureCode with 2,511 issuers worldwide.
But the number of registered cards is different from the number of participating cards, critics say, and that’s where retailers’ biggest complaint lies. For a card account to participate in Verified by Visa or MasterCard SecureCode, the cardholder must choose a password and then remember to use it when making an online purchase. Not enough cardholders are participating to make the programs meaningful, some critics say.
There are other problems as well. Some retailers say credit card issuers are still making errors in authorizing transactions-such as rejecting sales because the address given by the purchaser did not match the incorrect address in the issuer’s files even if the password is correct. Furthermore, retailers with very high fraud rates can’t even participate in Visa’s program because the association requires that participating retailers not be on Visa’s “watch list” of merchants with excessively high chargebacks and fraudulent transactions. To make that list, a retailer has to have at least 100 chargebacks per month and a monthly chargeback rate of at least 1% of all transactions for four months. “The retailers who need this the most aren’t even eligible to participate,” says Avivah Litan, consultant with Stamford, Conn.-based Gartner Group.
Visa executives say there are currently only five retailers in the U.S. on the watch list. Furthermore, Visa explains that the average online chargeback rate in the U.S. is 0.3% and a retailer would have to have more than three times the average rate to be kept out of the program. “We know there are retailers out there that have processing problems and we’re telling them to clean up their problems first and then they can participate,” says Jim McCarthy, Visa USA senior vice president of emerging products.
Learning from own experience
But despite their complaints, many retailers say these programs are catching fraudulent transactions, citing their own cases of criminals being caught trying to use a registered card without the proper password. Furthermore, participating retailers say they spend fewer resources checking out transactions authorized through the programs and therefore more time investigating other transactions that have a greater potential to be fraudulent. Finally, retailers say there are indications that consumers are more comfortable shopping online when they know their card numbers are protected.
“The market adoption is finally getting there,” says Jeff Foster, executive vice president of Retail Decisions, a company that works with retailers to reduce payment fraud. “Six months ago, that was not the case as everyone was waiting for someone else to try it first. But the early retailers have proven it can be effective and now we see a lot more retailers giving it a try.”
Foster says many retailers were initially concerned that they would see high abandonment rates because consumers would forget their passwords and give up on trying to make a purchase. But he says early indications are that the programs are not causing higher abandonment rates at participating retailers.
Part of that success in reducing abandonment can be traced to efforts to make the procedure less cumbersome. “We’ve streamlined the process,” says Bruce Rutherford, vice president of e-business and emerging technology for MasterCard. “In our early versions, we had separate pop-up windows for consumers to enter their passwords. But there was a push to integrate the password request into the same form that consumers fill out to make their purchase. By not requiring another form, we think we have reduced the risk of abandonment.”
Visa also originally had merchants using pop-up windows for authorization and while most retailers have since integrated the password request into their order forms, Visa is urging the remainder and their payments processors to follow suit. McCarthy admits pop-up windows can cause consumer confusion or represent another step that some consumers just won’t take.
Strength in simplicity