Hi

I want to clear up some misconceptions that I have read on multiple posts and responses at ezimerchant about the Verified by Visa and MasterCard SecureCode values to merchants.

Merchants who accept credit card payments when they cannot deal face-to-face with their customers are at a very high risk of disputes, and most disputes will be resolved in a cardholders favour in this environment, due to the very inability of a merchant to produce valid identification of the cardholder. No matter what a merchant attempts to obtain from a cardholder for proof of I.D. when they are dealing in a 'virtual' world, there is a liklihood that the information being 'faxed, phoned, emailed, or entered into a Payment Gateway' is not that of the valid cardholder.

Unfortunately, even ligitamate sales whereby the actual cardholder gives the details over for goods or services rendered may still turn around and claim 'they didn't do it' at a later date...and this could be up to 3 - 6 months, depending on the type of card, after the transaction, thereby leaving the merchant in a 'no win' situation where they have lost their goods or services and their money.

In an attempt to bring better accountability to the use of credit cards on line, both Visa and MasterCard have created a protocol which enables registered cardholders to enter a 'password' of some sort (usually alpha-numeric) which is then sent to the Card Issuing Bank in an attempt to identify, and validate, the use of the card. If the Issuing bank recognises the password entered, the merchant is virtually guaranteed that payment cannot be disputed later. If the Issuing bank cannot recognise the password, it will decline the transaction, as it could very well be someone other than the cardholder attempting to use it (such as a thief, or a son, daughter, wife, etc). If the cardholder is not enrolled with their Issuing bank, the card will simply go through its normal authorisation process to validate whether or not sufficient funds are available and the card hasn't been listed lost or stolen. These transactions can be disputed and result in a chargeback to the merchant.

While Verified by Visa and MasterCard SecureCode do not give 100% payment protection to merchants, using it is the best opportunity online merchants have today for payment guarantees by their credit card customers for the biggest chargeback reasons that occur. Check out the Visa and MasterCard websites for more details. The biggest reason there are so many 'naysayers' about it is that the original protocol was a confusing 'pop-up' version, which is now no longer, and a cleaner, clearer, easy to understand 'inline' version is now the only protocol allowed.

If you don't think its a good deal, think about the following information:
1) Guaranteed payment protection for merchants online against the two most common cardholder chargeback reasons. Chargeback rates for online merchants are the HIGHEST chargeback rates of any type of business or merchant facility in the world. Installing this protocol will assist with >50% of chargebacks experienced by online merchants
2) Many major Banks worldwide have adopted the practice of accepting it and offering it with their merchant facility offerings - there must be a reason
3) Merchants who offer Verified by Visa and MasterCard SecureCode MUST be registered by Visa and MasterCard so Cardholders know that the merchant is legitimate
4) The protocol that Verfied by Visa and MasterCard SecureCode offer detects enrolled cardholders and will not ask a non-enrolled cardholder to enter a password, so there is no risk of losing sales
5) The inline protocol out now for all new MPI's allows a split, single browser session which maintains the merchant details in the top of the screen while directing the cardholder to their recognisable Issuing Bank 'password' page - no confusion and complete transparency of what is happening at all times
6) Regardless if less than 5 merchants in a certain region have Verified by Visa and MasterCard SecureCode enabled, those merchants have protected, guaranteed sales that other online merchants may be missing out on
7) Just over a year ago, there were no merchants using Verified by Visa and SecureCode because it wasn't available....so, having 5% of merchants and most major Banks on board in such a short time proves that there is value there

I believe anyone who states that Verified by Visa and MasterCard SecureCode 'it's not a big issue, it's just another fad, and it doesn't really offer much value yet' should do more than discredit such an obvious benefit to merchants and start understanding that it offers some merchants the ability to cut back seriously on their chargeback ratios and also assist in driving away velocity fraudsters and stolen credit card use. Maybe it's time to reconsider.

3-D Secure Payer Authentication

A.K.A Verified by Visa & MasterCard SecureCode

Introduction: The Industry and The Goals

Payer Authentication is the newest and most powerful tool available to ecommerce merchants today. Payer Authentication provides merchants with the electronic equivalent of a signed sales receipt. Under the umbrella of Visa’s 3-Domain Secure initiative, internet merchants can participate in Payer Authentication. Visa’s program is called Verified by Visa. MasterCard and Japanese Credit Bureau (JCB) also have 3-D Secure programs: MasterCard SecureCode and J/Secure. All three programs operate exactly the same way, they validate that the consumer shopping on your website is the legitimate cardholder.

Why would the payment associations (Visa, MasterCard, JCB) want to do this? They are worried about brand erosion.

The benefits of payer authentication are pretty substantial. First and foremost is guaranteed payment on all fully authenticated transactions. Even if the transaction is later determined to be fraudulent. The merchant will NOT be charged back. In fact, the chargeback is actually blocked from being submitted to the merchant’s acquiring bank by Visa and MasterCard, so there is not even an awareness at the merchant bank level that a chargeback occurred. More importantly, the number of chargebacks that a merchant records with their acquirer will drop dramatically. Typical participating merchants see a drop of 60-70 percent in their monthly chargeback rates.

Even more monumental in concepts than the guaranteed payments is the shift in liability from the merchant to the card issuing bank. Never before in the history of card-not-present (CNP) transactions, have the payment networks ever offered a way for merchants to avoid liability for CNP transactions they accept. It has ALWAYS been the merchants liability. Those days are now over. This is ground-breaking stuff here folks.

Now, how about a little lower margin for doing busy more securely? Visa says sure. Just for installing Verified by Visa software on your site, Visa will lower your interchange rate by 5 basis points. I know, I know, basis points are confusing, what does that really mean? Well it works out to $0.05 for every $100.00 you process. A nickel doesn’t seem like a lot, but it adds up when you are processing $1,000,000 a month or more in sales. Why did Visa do this? Well they want to motivate merchants to participate, and the 5 basis points is intended to help offset the cost that merchants pay for the payer authentication service (typically between 5 and 10 cents per transaction).

Common Misconceptions

Misconception #1: Not enough cardholders are enrolled.

This is irrelevant. 300 million plus US Visa cards are enrolled. Visa is offering merchants guaranteed payment on all Visa cards* regardless of whether the cardholder is enrolled or not. This means that from day one, with Verified by Visa enabled on your site, a merchant can cut their transaction liability by 50-60 percent, just on their Visa transactions.

MasterCard does not offer attempts processing liability coverage at this time, but 5-10 percent of MasterCard transactions are guaranteed payment, and their adoption rate is growing every day.

When a merchant combines the coverage of Visa and MasterCard together, they are typically getting guaranteed payment on 60-70 percent of their overall transaction volume. They are also eliminating 7 out of 10 chargebacks.

Misconception #2: Not enough banks offer the service.

Completely untrue. 45 of the top 50 U.S. issuing banks, and over 10,000 issuing banks now have the software up and running, worldwide.

Misconception #3: If it is such a good program, why aren’t the big name merchants doing it?

Good question. These merchants would like to know why you don’t consider them big names:

Walmart.com, JCPenney.com, Hotwire.com, 1800Flowers.com, CompUSA.com, TigerDirect.com, NewEgg.com, Etronics.com, Crutchfield.com, OfficeMax.com, JetBlue.com, NorthwestAirlines, eCost.com, Zales.com, BlueNile.com, FogDog.com, PlayStation.com, LizClaiborne, Wilsons Leather, eBags.com, Nickelodeon, Cooking.com, and about 30,000+ others worldwide that I don’t have room to list here.

Misconception #4: I have heard that Verified by Visa/MasterCard SecureCode cause higher “abandonment” rates?

First of all, lets define abandonment: Abandonment is the process by which a customer leaves/aborts the CHECKOUT process prior to a final submission of the order – including items for purchase, billing and shipping method, and payment information.

Pay attention to this: payer authentication occurs AFTER CHECKOUT (or shopping cart) has been completed, but PRIOR TO AUTHORIZATION of the credit card (it works with both real-time and batch authorization).

Understanding the definition of abandonment explains why Verified by Visa contributes to absolutely zero ‘shopping cart abandonment’. It can’t. Fundamentally, Verified by Visa, as a process that a consumer would see, does not begin until the checkout has been COMPLETED.

With that said, the initial implementation of Verified by Visa, more than two years ago, had some problems with the authentication process. But those problems have been fixed. First and foremost, pop-up windows are no longer allowed for the authentication screen. Due to pop-up blocking software and the almost instinctive act of a consumer closing pop-up windows, Visa realized that this was not going to be effective. Since then they have mandated the “in-line” presentation method, which presents the Verified by Visa screen within the same browser window. This in-line method has proven to be dramatically more effective reducing authentication abandonment from 20-30 percent, down to less than one percent. The in-line method also allows the merchant to keep their brand on the same page as the authentication screen, which provides additional reassurance to the shopper that they are not being enticed by a ‘phishing’ scam.

Also, Visa and MasterCard strongly encourage the prominent display of the Verified by Visa and MasterCard SecureCode logos, both on the homepage, and the checkout page, so that it is clear to the shopper that this site is protected by these programs.

Finally, the strategic placement of consumer messaging (which is the fancy phrase for providing instructions and guidance to your shoppers in the from of text) has been surprisingly helpful. Amazingly, just telling consumers what they can expect to happen (ex: You may be prompted to enter your password if you are enrolled in Verified by Visa), and what to do if the expected thing does not happen (Ex: please call this 1-800 number if you experience a delay or are unsure how to proceed), has been extremely helpful.

Misconception #5: I have so many passwords, and I can never remember all of them. What happens if I forget mine?

First of all, do you have a debit card? If yes, then what’s your PIN number? Don’t answer that. It’s a rhetorical question (and you never know who might be listening!). But you get the point, right? Why can you instantly recall the PIN number for your debit card amidst the tens, if not hundreds, of passwords you have? Because it’s the key to your bank account – your money. The same goes for payer authentication. In regards to consumer experience, it’s almost identical to entering your PIN number for a debit card purchase. In fact, if you want to make your Verified by Visa password a ‘PIN’ number, instead of a password, go ahead, it’s OK. The point is, we already have a proven and flourishing example of consumers successfully protecting their money with a password (PIN) and payer authentication works exactly the same way – you just enter the password in your web browser instead of an ATM machine.

What are the merchant benefits of Payer Authentication?

Guaranteed Payment.

Yeah, right. Guaranteed payment? Where’s the fine print. What is that supposed to mean?
Exactly what it says. Guaranteed payment. If you are an ecommerce merchant, and you install payer authentication software on your site, Visa and MasterCard will guarantee that you get paid, and can NEVER be chargedback on fully authenticated transactions. For a typical ecommerce merchant, this represents about 25-33 percent of Visa card volume and 5-10 percent of MasterCard volume.

In addition Visa also offers guaranteed payment, including chargeback protection, on what they call “attempts processing”. This means that if the merchant has the Verified by Visa software on their site, even if the shopper is not enrolled (has not set up their password), Visa will guarantee payment on that transaction, and block any chargebacks from coming back to the merchant on that transaction. This represents an additional 60-65 percent of the merchants overall Visa card volume.

When you combine the protection outlined in the above two paragraphs together, that equates to roughly 60-70% of your overall credit card volume being covered by the two programs. That means 60-70% of your overall credit card volume will be guaranteed payment, and will be protected from chargeback liability. Sounds crazy right? See Misconception #3 above to see how crazy it really is.

Chargeback Blocking.

What the heck is chargeback blocking? It’s exactly what it sounds like. Literally, Visa and MasterCard step in between and block chargebacks from being passed by Issuing bank who issues credit cards to consumers, to the Merchant Acquiring bank, who receives funds for settled purchases from issuing banks on behalf of you the merchant.

What this means is that a chargeback is blocked from ever reaching your Merchant Acquiring Bank. This means that the number of chargebacks that show up on your monthly chargeback report are going to drop – dramatically. Typically by 65-70 percent. When the number of chargebacks drops, the fines for those chargebacks (usually $15-25 each) also go away. In addition, since their was no chargeback, you the merchant can keep the funds for that purchase. The issuing bank again is blocked from pulling the funds for that fraudulent purchase out of your merchant account. Why? Because you have done your part. You have the payer authentication software on your site. You are off the hook for those transactions that are protected. But somebody has to pay for that fraudulent transaction, right? Right. Lets’ read on…

Transaction Liability Shift.

Transaction Liability is the end result of chargeback blocking. If fraud occurs on a transaction, and the merchant is no longer required to reimburse the consumer for that fraud because the merchant was employing payer authentication, then who will? The bank that issue the credit card. Yep. You read that right. All banks that issue Visa or MasterCard credit cards are now liable for all ecommerce transactions that are protected with payer authentication by merchants. When did this happen? Well, it’s actually always been this way with Verified by Visa and MasterCard SecureCode. Now are we starting to understand why the biggest merchants in the world want these programs on their websites?

So why would issuing banks allow this to happen? Aren’t they now exposed to a huge amount of fraud? That’s partially true, but banks, as members of Visa and MasterCard, are bound by the rules of the card associations they are members of. Also, issuing banks realize in the long run, these programs will strengthen the brand of their cards, and make consumers more willing to shop online. And as you know, issuing banks love it when you use your credit card.

The ecommerce channel today represents only 2-3 percent of the overall commerce in the U.S. However, it is the fastest growing payment channel. Issuing banks realize that ecommerce is really still in it’s infancy, or maybe now more like a toddler. It’s learning to walk, but its still stumbling around like a drunken sailor trying to get his sea-legs. It may not be perfect, but it’s getting better, and becoming ubiquitous. Pretty soon it will be so big, it will be too big to fix, so banks are willing to scrape their knees a little now, and get the problems fixed. When ecommerce eventually is 5, 10, 20, or 50 percent of US commerce, consumers will feel good about using their credit card to shop online, and not be afraid of identity theft and fraud.

Accept International Transactions.

Do you accept transactions today from Nigeria? No? Not surprising. Nobody does. However, what about Canada, or Mexico, or England, or Germany, or Australia, or Japan. There are most certainly customers in these and many other countries that we would be happy to do business with, if we only could feel safe about accepting the transaction. But there’s no Address Verification System (AVS) for these countries, so what can we do?

Well, if you enable Verified by Visa/MasterCard SecureCode on your ecommerce site, not only can you accept transactions from these countries and all over the world, you can do so with exactly the same benefits and protections that you get on U.S. issued credit cards.

A conservative approach for a merchant who is hesitant to test the international markets may be to simply offer to accept international orders ONLY if they are made with a Verified by Visa or MasterCard SecureCode credit card. That seems fair enough. Talk about expanding your markets!

Reduce Overall Cost of Doing Business (operational overhead).

This benefit probably takes the longest to realize, but can be pretty substantial. Ask yourself this question: How much manpower, time and resources do I spend preventing/screening transactions for fraud, and dealing with chargebacks that I have received? Whatever the answer is, now cut that manpower, time and resource allocation by 60-70 percent, and that’s what payer authentication has to offer your business in terms on reducing your costs of doing business.

Verified by Visa and MasterCard SecureCode make your business more efficient. They reduce the time you spend as a business trying to be a security expert, and give you more time and resources to focus on selling your products, which is what a “merchant” should be doing. It’s a beautiful thing!

Verified by Visa Chargeback Reason Codes Covered

U.S. Visa Credit and Debit Cards – Full & Attempted Authentication
23: Invalid Travel & Entertainment
61: Fraudulent Mail Order/Telephone Order/eCommerce
75: Cardholder does not recognize transactions

Visa International Credit and Debit Cards - Full & Attempted Authentication
23: Invalid Travel & Entertainment
83: Fraudulent Mail Order/Telephone Order/eCommerce

MasterCard SecureCode Chargeback Reason Codes Covered

U.S. MasterCard & Maestro Cards – Full Authentication
4837: Cardholder non-authorization
4863: Cardholder not recognized

Which merchants can benefit the most from these programs?

If you accept credit cards as payment online for merchandise, then you can benefit. It does not matter if you are a small business run out of your basement, or if you are selling millions of dollars a year in merchandise. Every merchant can benefit from these programs. More specifically, merchants that are in high risk categories for fraud: jewelry, consumer electronics, software, DVDs; merchants whose items can be easily pawned or fenced: sporting goods, tools, tobacco, ticketing; merchants who sell ‘soft’ products: games, music, content, airtime/phone minutes

So where can I go to get this software?

Visa and MasterCard both have published vendor lists on their websites. You should also talk to your Merchant Acquiring Bank, your Payment Gateway, and/or your Payment Processor to find out if they already have a vendor that they recommend or are partnered with.

Verified by Visa Merchant Information Site: http://usa.visa.com/business/accepting_visa/ops_risk_management/vbv_marketing_support.html

Verified by Visa Consumer Information Site: https://usa.visa.com/personal/security/vbv/index.html

MasterCard SecureCode Merchant Information Site:
http://www.mastercardmerchant.com/securecode/index.html

MasterCard SecureCode Consumer Information Site: http://www.mastercard.com/securecd/welcome.do

-------------------------------------------------------------------------------------------------------------------------------

Rick Lynch
Director of Business Development
CardinalCommerce Corporation
6119 Heisley Road
Mentor, Oh 44060
877-909-6119 x112
rickl@cardinalcommerce.com

Hi..

Hoping you can help me out. You say Verified by Visa costs the merchant 5-10 cents per transaction. Is this in addition to the discount fee already paid by the merchant or included in it and to whom would I pay the 5-10 cents per transaction to (i.e who gets it...Visa or the merchant acquirer or others)? Also is 2.75% an average discount fee considering both small and large merchants?

Thanks

Mmmm, I kind of see your point but, having personally experienced over six thousand online transactions in the last three and half years with just one charge back (which was, incidentally, my fault! I accidentally billed a customer twice...doh), I'm probably not going to go for it. Unless the ratio of successful transactions to chargebacks goes completely the opposite way rather quickly.

However, if, as you say, customers will start to prefer only dealing with merchants who display the 'Verified by Visa and MasterCard SecureCode' then maybe I'll change then...

Cheerio!

CT

The two posts by our international visitors are well spirited but unfortunately not really valid at this point in time for Australian Merchants.

The fact is that at the moment virtually no one in Australia is enrolled (or is aware that they are enrolled) in the new system - Hence web sites that have piloted the system in Australia have found significant drops in order volumes which have been solely attributed to customer confusion at the time of purchase. If a customer is asked to fill in a Pin number that they know nothing about they will simply shop elsewhere.

Until actual card holders are aware of the new system and know their pin numbers then the system is useless for merchants to adopt because their order may decrease due to confusion.

As christof has said, its not that hard to all but eliminate chargebacks by implementing systems to weed out potential fraudulent orders before processing them.

It was with interest I read the info on VV and MS from internationals. We looked at it two years ago and were scared off by the number of clicks and lack of info in Australia. We are revisiting the issue now and while it appears the process has been streamlined there is still very little infomation available to Australian cardholders, hardly suprising with the majority of Aussie banks pleading ignorance.

The biggest drawback I came across while researching this issue was that a number of industries (gaming and adult services) who have the highest levels of chargebacks and therefore the highest level of interest in new fraud checking measures will not receive the 'no chargeback guarantee' available to other industries. Which begs the question 'Is it really an effective security measure?' If the answer is yes then surely all users should be treated equally?

Visa/MasterCard and the banks are charging us for verification because they are themselves to blame for a service that is not secure? This is the same claptrap we get from Microsoft when we get problems with Windows, you buy the software as is and if you have problems you have to pay for the priviledge of using their support that helps you to realise it's not your fault but a deficiency in the software.

My father told me that banks sent creditcards through the mail without him even asking for one. So now they got us to do what they want us to do we pay accordingly for the priviledge and that is when I realise that such high charges for the verification service is not worth a pinch of salt; I will just stick to my own ability to weed out the fraudsters and cope with the online 10% margins I am so "priviledged" to have.

The fact they won't give the same charge back guarantee to gaming and adult as they do to the rest of the online industries is a clear indicator they don't believe the service is fraudsterproof., it's just a means to acquire insurance money from fools that take up the service. It's just another means to get more money out of us to push past their 3 billion dollar profit from last year!

By the way, Chris, you state you have done over 6,000 online transactions without one charge back except the one you made a mistake on. As you know I am still waiting for my hibermate but fraudsters are not really interested in hibermates, just doesn't hold much value to them at the local pawn shop as would a GPS or Digital Cameras etc! In saying that I also believe their is very little difference in online fraud as to someone walking into KMart and shoving a pair of shoes into the pram except you have a better chance of assessing the information before you as an online retailer and catching a fraudster online than would an old biddy (KMart employee) standing at the entrance to check your pram as you walk out the door.

Ensure you state on your web site that you only accept landlines and a physical address, with exception to country folk who have PO Boxes but they still can provide a landline, thus you can check the white pages to see if the name has the same phone number as listed. Basic security checks is a must and can't be stressed enough. Australia as yet is not mobile phone only type country like USA or Europe where many have forgone landlines for mobile phones. (Cell Phones).

Hi

Yes. You are right Guaranteed payment protection for merchants online against the two most common cardholder chargeback reasons. Chargeback rates for online merchants are the HIGHEST chargeback rates of any type of business or merchant facility in the world. Installing this protocol will assist with >50% of chargebacks experienced by online merchants.
f you don't think its a good deal, think about the following informatio in this site
merchantacquiring(dot)co(dot)uk