The growth of ecommerce
You will have seen that the volume of internet trade is growing at a phenomenal rate; however some criminal elements are taking advantage of this growth to target your website with stolen card details. It is now more vital than ever, for you as a merchant, to protect your business against this increased risk of fraud.
The role of 3D Secure
Internet transactions are classed as 'cardholder not present' (CNP) transactions. Until recently, there was no easy way for you to identify a cardholder and confirm that it was indeed the legitimate cardholder entering the card details.
A significant proportion of chargebacks can arise as a result of the cardholder denying that they authorised a transaction. It is traditionally very difficult for you to successfully appeal against this sort of chargeback. The 3D Secure technology is designed to reduce the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction and subsequently reducing your exposure to disputed transactions and chargebacks of this type.
What is 3D Secure?
3D Secure stands for Three Domain Secure - the payment industry's internet authentication standard which has been developed by the major card schemes. Visa has called their version of the scheme 'Verified by Visa' and MasterCard have called their equivalent initiative 'MasterCard SecureCode'. These are both collectively referred to as 3D Secure.
3D Secure authentication requires the cardholder to register their card to take advantage of this service. This is a one time process which takes place on the card issuer's website and involves the cardholder answering several security questions to which only the card issuer and cardholder will know the answer. The cardholder selects a password and agrees on a secret phrase, which will be used by the card issuer during each online transaction.
3D Secure can be thought of as an online version of 'Chip and Pin' technology, whereby the cardholder has a personalised password registered with their card that is entered during the checkout process. 3D Secure is predicted to become the industry standard by the end of 2007 and all online consumers will soon become as familiar with this, as when they enter their 'Pin' number at a cash machine or till in a shop.
How does 3D Secure work with Nochex?
- Each time a cardholder attempts to make a transaction using Nochex, after entering their personal card details on the Nochex payment page, the Nochex system automatically checks to see if their card is enrolled in the 3D Secure scheme.
- Some schemes are not yet fully enabled for 3D Secure but these are expected to be enabled over the next few months.
- If the cardholders' bank is participating, the cardholder is taken to their card issuers secure website where they enter their 3D Secure password. The payment is then taken as normal and the cardholder is smoothly delivered back to the merchants confirmation page.
- If a cardholder of a bank who is participating in the 3D
Secure scheme has not yet enrolled, by default, they are offered the opportunity to register. They can then either sign up for 3D Secure, and proceed with the transaction or decline to sign up and proceed with the transaction as normal. Different card issuers may implement a maximum decline limit before the cardholder is made to sign up to 3D Secure.
- Nochex will attempt a 3D Secure check on each card transaction - if the cardholder's bank are not currently participating in the 3D Secure scheme, the transaction will be processed without a 3D Secure check.
- All Nochex Merchant Accounts are now 3D Secure enabled as standard and each Nochex card transactions is checked to see if the cardholder is registered for 3D Secure. Merchants and Sellers should use the notification of the 3D Secure checks as an additional fraud prevention tool in conjunction with existing fraud checks such as AVS and CV2 to help you minimise your risk of fraud.
What are the advantages of 3D Secure?
- The key attraction to you as a merchant is that once a cardholder registered with the scheme has input their correct 3D Secure password during a transaction and this has been successfully authenticated (and providing that they are acting legally), the liability of a chargeback arising from the cardholder denying that they authorised the transaction, should shift from you (the merchant) to the cardholder's issuing bank.
* Source: MasterCard website
Are there any limitations of 3D Secure?
Ultimately, the risk of fraud lies with you, but Nochex feel it is vital to provide you with the necessary tools to help you to protect your business and manage and reduce your exposure to fraud, chargebacks and their associated costs.
- 3D Secure authentication should not be used as a complete fraud prevention tool, but should be used in conjunction with existing fraud checks such as AVS and CVV2 to help further minimise your risk of fraud.
- Chargebacks can still occur even when they have been fully authenticated by 3D Secure. This can include when a customer denies receipt of the goods or is not happy with the goods received.
Commons questions answered
- Visa Electron
- Visa Delta
- Maestro (includes Switch)