There's been plenty of talk about 3-D Secure over the course of the last few years. Recently, however, we've been hearing a lot more about it as banks move to require that merchants offer this service to customers of their E-Commerce websites. Nevertheless, many merchants are still wondering what 3-D Secure is exactly and what it will mean for their online business.
Originally developed by Visa as Verified by Visa and since adopted by MasterCard, 3-D Secure is an additional layer of security for online credit card and debit card transactions.
Everybody remembers when the Card Security Code (a.k.a. Card Verification Value, CVV, CV2, CVC, CVVC etc…) came in. These are the three digits on the back of your credit card required to verify a transaction when you use a card online or over the phone. The idea is that it verifies the credit card in Card Holder Not Present transaction situations.
3-D Secure is the latest such security measure. Each cardholder will create a password which is associated with the card. When a transaction is underway online, the cardholder will be redirected to a third-party site representing the Card Issuing Authority, and asked for this password to authenticate the online transaction.
The obvious advantage to the cardholder is the added layer of security that a password brings. While card numbers and expiry dates etc may still be copied by fraudsters - they will also need the cardholder’s password to use the card.
But how do you, the merchant, benefit?
Without 3-D Secure, if a fraudster on the other side of the globe orders a grand’s worth of merchandise from you, and you unwittingly send it off, you are liable for this fraudulent transaction. This is the case even if the transaction is fully authorised by the CVV Number. When the legitimate cardholder complains that a fraud has taken place and demands a chargeback you must return the money paid to you as part of the transaction. So you’re out of pocket and your merchandise is lost.
However, if you have used 3-D Secure to authorize the transaction you will not be liable in the case of a fraud. Your goods are gone - but you keep the money paid for them.
At StudioForty9, we will be rolling out the 3-D Secure ready version of our HSBC Payment Gateway Module for Magento. If you have any questions about this module, or if you would like to be notified of its release (estimated as Dec. 1st, 2009) please contact us at (JavaScript must be enabled to view this email address)
4 Comments
1
Laurence Veale | Thu Mar 4, 2010 at 01.31 pm
What I’d be interested to hear more of is the potentially jarring user experience when reaching the end of a checkout funnel you’re essentially shunted to a third party site.
If we’re being honest about banks, they have a poor track record when it comes to user experience.
I’ve seen analytics data for 3D secure and it’s actually a bit scary. Sure, everyone’s more secure, but I’ve seen an attrition rate of 25% for users who were presented with 3D secure.
The key thing is owning the experience. Much like Realex provides an API which you can then design around, I’d like to see the same for 3D Secure.
Interested to hear your thoughts,
Lar
2
Mark Ewans | Wed Mar 3, 2010 at 07.21 am
Thanks for taking the time to post such a detailed and informative article. It has given me a lot of inspiration and I look forward to more like this in the future.
corporate holiday gifts
3
Facebook Layouts | Sat Jan 2, 2010 at 05.30 am
I read your article and moreover,3D Secure authentication requires the cardholder to register their card to take advantage of this service. This is a one time process which takes place on the card issuer’s website and involves the cardholder answering several security questions to which only the card issuer and cardholder will know the answer.
4
günstiger sofortkredit | Wed Dec 2, 2009 at 12.45 pm
I read your article.Its very useful content.Each cardholder will create a password which is associated with the card. When a transaction is underway online, the cardholder will be redirected to a third-party site representing the Card Issuing Authority, and asked for this password to authenticate the online transaction.