Topic: VISA 3-D
Reasons for this subject:
- Explanation of Visa 3-D
- The issues that eBusinesses face with Visa 3-D
THE VISA 3-D INITIATIVE
Visa recently announced a new initiative to make online credit card payments safer for consumers and merchants. This initiative, known as Visa 3-D, brings a whole new set of requirements to eBusinesses.
Why did Visa create 3-D? It’s well known that the Internet carries a disproportionate share of all credit card fraud. Since Internet transactions count as “card not present” payments, it’s the eBusiness that bears the brunt of the fraud. All Internet fraud comes out of the eBusiness’ pocket. Visa doesn’t pay. MasterCard doesn’t pay. Neither does the consumer. The eBusiness is on the hook. Visa created 3-D to help eliminate fraud for both merchants and consumers.
BUY.COM: AN EXAMPLE OF THE RISK
Buy.com provides a recent example of the risks that eBusinesses face. In August 2001, CNET reported that Buy.com’s fraud reached a such a high level that its bank threatened to stop all credit card processing (http://news.cnet.com/news/0-1007-200-6943510.shtmll). The bank also threatened to freeze the money in Buy.com's account to cover all future chargebacks. This action would have surely forced the ailing Buy.com out of business. At the last moment, Buy.com’s CEO negotiated a new merchant agreement to keep credit card transactions flowing.
(A “chargeback” is a disputed credit card transaction. If an eBusiness can’t prove that a credit card transaction is “good”, it must refund the money to the credit card company and absorb the loss. If the eBusiness doesn’t have the money to cover the chargeback (refund), then the eBusiness’ bank refunds the money. The bank, therefore, carries some risk and retains the right to shut down credit card processing to protect its financial liability.)
In a separate article, CNET went on to describe how the rest of the e-tailing industry feared the inflated risks associated with Internet fraud.
SAFEGUARDS HAVE BEEN TRIED BEFORE
Visa and MasterCard have tried in the past, and failed, to institute safeguards for online transactions. The most notable was the Secure Electronic Transaction (SET) initiative. Although Visa and MasterCard backed SET heavily, it was technically difficult for eBusinesses to implement. There was little adoption, and, for all practical purposes, the SET movement died.
BUYER AUTHENTICATION - VISA TRIES AGAIN
Visa then created a new set of safeguards, Visa 3-D, to solve the technical hurdles created with SET. But eBusinesses will still find it somewhat challenging to implement.
For example, Visa 3-D calls for a new “buyer authentication” process. Under this process, a buyer must first register on Visa’s web site. Visa then knows that the buyer intends to make credit card purchases online. A buyer gets a password known only to her/him and Visa, which allows Visa to uniquely identify each buyer.
Now comes the tricky part: buyer authentication during a purchase. When the buyer makes an online purchase with a Visa card, the web site MUST open a separate window and link the buyer to Visa’s web site, BEFORE the payment is approved. The buyer gives her/his password directly to Visa. The web site selling the merchandise is NOT allowed to capture the password and pass it to Visa - even if the password is encrypted.
Visa 3-D makes sure that only Visa can authenticate a buyer. It removes the eBusiness from the authentication process, providing greater safeguards against online fraud. Anyone trying to create a fraudulent transaction would have to know 1) the credit card number and 2) the password associated with that credit card.
If this form of buyer authentication becomes widely adopted, then eBusinesses will be forced to open separate windows for each credit card company (Visa, MasterCard, American Express, etc.) and link the buyer to the proper site. Although this is easier than implementing SET, it’s still a technical hurdle.
Visa’s big challenge is to get both eBusinesses and buyers to adopt Visa 3-D. eBusinesses must agree to implement the technology. Buyers, particularly retail consumers, must agree to register on Visa’s web site. Visa must drive market adoption, and it will likely take quite some time to reach critical mass.
WHAT EBUSINESSES CAN DO TO PREPARE FOR VISA 3-D
EBusinesses can do several things to prepare for Visa 3-D:
- Research. You can read more about Visa 3-D at http://www.visa.com.
- Determine technical changes. If you wish to implement Visa 3-D within your web site, first define the technical changes you need to make. Then, determine how much effort it will take to keep on top of future changes.
- Look for outsourcing alternatives. It may be easier and more cost effective to find an outsourced payment processing solution, rather than implementing Visa 3-D within your web site. An outsourced payment process, such as AssureBuy’s IntegriCharge service, will keep you compliant with Visa regulations at all times.
- Continue to implement fraud prevention techniques. We recommend that you review the information provided by the Worldwide E-commerce Fraud Prevention Network (http://www.MerchantFraudSquad.com).
- Watch the market, then move quickly. Although a number of technology firms, eBusinesses and corporations back Visa 3-D, it still isn’t widely adopted. A wait-and-see attitude may be the right approach. Do your research, prepare, and move quickly when adoption reaches critical mass.