June 20th, 2014 by Elma Jane

A recent survey said, 82 percent of e-commerce merchants who currently do not employ a consumer authentication solution are afraid that such solutions will scare off online shoppers, but with more and more fraud expected to migrate online in the coming years, the payments industry needs to do a better job of informing merchants why authentication in the card-not-present realm is crucial to data security.

While a majority of payment service companies employ some type of 3-D Secure online authentication, and most large merchants do likewise, the rest of the merchant population, especially in North America, apparently do not. 55 percent of merchants surveyed, a majority of which are U.S.-based, do not use online authentication, noting that North America is the only world region where less than half of merchants use the technology. The reason so many U.S. merchants eschew consumer authentication is they see it as a sales killer.

The main reason appears to be fear, uncertainty and doubt (FUD) about how consumer authentication will impact sales conversion and user experience, 43 percent of merchant respondents are FUD-preoccupied, with 20 percent concerned about the effect of the technology on sales conversion, 13 percent worried about changing the user experience and 10 percent simply want nothing to do with consumer authentication. Beyond the FUD concerns, there is also a very real perception with merchants and service providers that integration is long and difficult, adding that 21 percent of merchants who do not employ authentication, citing the time and/or cost of integration as the barrier.

End to FUD

The solution to merchant adoption of some form of 3-D Secure technology is apparently education. Many FUD concerns are related to a hangover effect caused by bad experiences with previous iterations of consumer authentication. But the report provides evidence that the FUD factor can be overcome because of the happiness factor that authentication-using merchants express. 81 percent of merchant respondents showing satisfaction with the solutions they have employed.

The report said nearly half of merchants surveyed said authentication had no effect on sales conversion, either positive or negative; however, almost 20 percent believe it has had a positive effect on sales. The positive result seems to be related to merchants who use authentication selectively, on specific transactions rather than on all of them. Additionally, the technology results in many merchants experiencing lower numbers of chargebacks. Amongst merchants, 59 percent overall say the authentication program brought a decrease in chargebacks and this is true for more than half of merchants from each geographic region.

FYI on FUD

The adoption is very low because not many people understand it. Online verification does retard the checkout process as a second screen pops up that consumers must navigate in order to proceed with the purchase. However, these barriers can be overcome with education and simply getting people comfortable with the technology. If we had this solution from day one on all e-commerce sites today nobody would be complaining because people would be used to doing it. It is a question of achieving ubiquity rather than taking a piecemeal approach to implementation. It is a matter of if you do it at one place or every place. If you have to do it at only one location that makes that site really secure. If all sites ask the same question, you get used to it.

Consumer authentication is also something that requires buy-in from issuers, acquirers and merchants. It is a participation solution where the issuer and the acquirer have to be participating in it. If you are an e-commerce site and you are certified with Verified by Visa the card brands proprietary version of 3-D Secure, if the card issuer has not embraced that, then the security will not happen.

Increasing number and frequency of breaches is slowly eroding consumers’ trust in the safety of e-commerce It’s not good for the whole ecosystem. At some point people will come back ­­­­­­­­and say, this is too risky to do online transactions with cards. Before that point is reached, businesses should improve their online defenses, and consumer authentication is central to that defense. With the U.S. payments infrastructure in the process of transitioning to the Europay/MasterCard/Visa (EMV) chip card standard at the physical POS, fraud in the United States will sharpen its focus on the less secure online channel. EMV will do a lot of good in terms of card present security, but it does not do anything for card-not-present environments. So how are we going to contain the online fraud? We have to go to a 3-D Secure type solution

 

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

May 23rd, 2014 by Elma Jane

State senate in California is advancing a bill SB 1351, mandates April 1, 2016, that would require California-based bankcard issuers and retailers to adopt Europay/MasterCard/Visa (EMV) chip card technology. SB 1351 bill is introduced March of 2014, passed out of committee on May 6 and may be voted on by the full senate as early as tomorrow, May 22nd.

Additionally, the bill specifies that any contracts entered into by financial institutions and card brands on or after Jan. 1, 2015, would have to include the provision that any new or replacement cards issued after April 1, 2016, be EMV compliant. The rationale for the bill comes from oft-cited evidence that EMV cards substantially reduce fraud.

In April 2014, Sen. Hill stated, My legislation holds all stakeholders accountable to protect consumers from scam artists who use fake cards to game the system.

The Electronic Transactions Association, however, does not see the issue the same way. Passing a single state technology standard will open the floodgate to additional state responses and create an expensive, unsafe and inefficient myriad of technology standards, the ETA said. The ETA is urging payment professionals in California to contact their legislators and let their opinions be heard.

The bill initially mandated Oct. 1, 2015, as the deadline for EMV implementation, which is the date set by Visa Inc. and MasterCard Worldwide for retailers to be EMV complaint or face potential fines in case of fraud. The bill also makes exceptions for small retailers and convenience stores/gas stations; they have until Oct. 1, 2017, to transition to EMV.

 

 

Posted in Best Practices for Merchants, Credit card Processing, EMV EuroPay MasterCard Visa Tagged with: , , , , , , , , , , , , , , , , , , , , ,