
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
WorldPay to use VbV and MCSC
..but do pop-up blockers affect payments?
PCInk




msg:639004
 12:07 pm on Nov 25, 2004 (gmt 0)

I am concerned here - hopefully people have used VbV and MCSC before and can answer this question.

WorldPay are about to implement VbV and MCSC (30 Nov) where a pop-up prompts the card holder for a password (if they are enrolled). How does this work if the user has a pop-up blocker installed?

There are a lot of pop-up blockers out there - Google toolbar, Yahoo toolbar, Netscape/Opera/Firefox all have the option. Norton internet security packages. Independent programs...

If we are going to lose the payment and the order, it seems like a bad idea to me.

 

jweighell




msg:639005
 12:25 pm on Nov 25, 2004 (gmt 0)

This has already been activated on my account, there's the following message on the payment page:

If you are enrolled for Verified By Visa, please ensure that Javascript is enabled. Pop-up killers should also be disabled before you proceed.

This would make sense to me, but would it for the everyday Joe Public?

FraudAdvisor




msg:639006
 12:44 pm on Nov 25, 2004 (gmt 0)

Hi PCInk

This is one of the concerns I raised with Visa and MC in my previous life working for the "other" global scheme and is principally the reason why the "other" scheme sat tight before launching their own version.

IMHO Visa rushed to market with VbyV - I was at the Cybersource sponsored CNP workshop where their new boy announced the service and proclaimed "chargebacks are a thing of the past for CNP merchants". A slightly OTT claim given the subsequent backpedalling over CB codes that are in fact covered by VbyV and the easy way a V issuer can simply find another reason to CB.

In principle if the box is suppressed and the Cardholder doesn't see it the transaction should freeze. If it doesn't and is allowed to continue then guess what - you're liable.

Couple this to the service's exposure to phishing and the appalling take up rates and again, IMHO, the service will either wither on the vine or have to go through some radical changes before widespread issuer acceptance.

Also, be careful when assuming all V or MC transactions are covered. Read the small print and you'll realise only certain card markets are afforded even the limited CB protection by these services so you'll still need to parse country of origin to ensure you are covered.

When I left the "other" scheme back in June there was huge discussion in the "industry" about these two services - not least amongst UK issuers and acquirers who were stressing out about a) the cost of the fallback to the Issuer, b) the cost and complexity of implementation for merchants (a simple API these ain't) and c) the perception of merchants as to its value.

Speaking as one who has lived a while on "the dark side" as merchants regard it, there is a genuine desire to find the "Holy Grail" in CNP payments that will perform the basic function of "accept payments this way and you are guaranteed payment". I myself got my scheme to the point of "almost" being able to offer that - a chance in a billion of getting it wrong meant we didn't go to market.

I'd ask some very probing questions of anyone offering you this or any similar service. Just exactly which liabilities am I being released from? What happens if the pop-up is suppressed? What other reasons can be used to execute CB?

Bear in mind that UK Banks at least have publicly voiced the opinion that people who are phished should be liable for any and all losses (negligence in the banks' eyes). It may not be too long before the usefulness of VbyV and other similar schemes in cardholders' eyes diminishes with successful phishing attacks.

Watch this space for EMV in a CNP environment. Shouldn't be too long before that's on offer - just got to get Cardholders in the right frame of mind and prove the technology :)

Same goes for Chip & PIN in the UK. The Card Issuers will be laughing - merchants won't. The France experiment seems to only be reported one way - resounding success! For the French issuers, undoubtedly. For foreign issuers and French merchants - not really. Inbound fraud shot up - so much so that the France infrastructure had to be upgraded in toto to perform 100% live auth on all inbound spend - a nightmare given the then weak state of the telecoms infrastructure.

Fraudsters aren't dumb. The majority of worldwide loss goes to highly intelligent and driven groups organised much on the same lines as corporations.

They have figured the Chip & PIN rollout as an "expense" and are already finding ways round it. The migration to CNP environments is one example - also watch for an initial sharp increase on fall back to magstripe as retailers try to get their heads round the new reality of acceptance - all it takes is some clear nail varnish to render a chip useless and the humble magstripe is in use again.

derekwong28




msg:639007
 5:40 pm on Nov 25, 2004 (gmt 0)

Hi, is this going to be compulsory for all accounts? If so, where can I find the information on Worldpay's site?

chodges84




msg:639008
 7:49 pm on Nov 25, 2004 (gmt 0)

Yeah, I think it is going to be compulsory. They sent me an e-mail notifying me that they were going to update my account. It was updated late on Tuesday I think.

All the e-mails confirming the payment now have a message giving the "Authentication Results". Yesterday 2 people entered their password, about 15 didn't have one, and strangely 2 people chose not to, so it will still go through with the transaction if they don't enter the password and they have one.

Unless I'm reading it wrong of course.

Morocco




msg:639009
 2:30 pm on Nov 29, 2004 (gmt 0)

This is useful

[sitepoint.com...]

shaoye




msg:639010
 10:39 pm on Nov 30, 2004 (gmt 0)

Worldpay is horrible
My experience with them is once they get your money, they are finished with you. Besides they are so expensive!

lorax




msg:639011
 3:14 pm on Dec 1, 2004 (gmt 0)

FraudAdvisor, I saw your posts earlier and neglected to give you a welcome so.. Welcome to WebmasterWorld!

The thought occurs to me that if the user is smart enough to install a pop-up blocker wouldn't they be smart enough to realize it might be the reason they can't complete the purchase? I know I'm giving the buyer a lot of credit here but surely some will realize it.

So the gist of WorldPay's gamble is that they feel the merits of the Verified by Visa system outweigh the risks of incomplete sales because of pop-up blockers?

derekwong28




msg:639012
 3:25 pm on Dec 1, 2004 (gmt 0)

It looks like we have been enrolled too. As things go, it will turn out alright. It seems that Worldpay will still let the transaction go through if the enrolled cardholder chooses not to enter his PIN.

Authentication Results:
Cardholder Did Not Complete Authentication

FraudAdvisor




msg:639013
 4:24 pm on Dec 1, 2004 (gmt 0)

Hi Lorax

Yes, you'd think so but there's no accounting for consumer behaviour (just because you can use email doesn't mean you're not dumb enough to fall for an appallingly badly spelt phishing attempt or 419 scam ;) )

Also with SP2 from the gurus *sic* at Micro$oft your common or garden user will probably lamely go with the dire warning of hell being unleashed if you allow pop-ups.

It's not a major problem but just makes the service stand out as a knee jerk rush to market.

Per the Sitepoint link elsewhere in this topic - nice bit of PR from a company with a vested interest in VbyV - totally misses the point on regional coverage, limited liability shift and the ability of issuers to find other ways to bang back merchants - whether or not VbyV was in place.

As I think I said before the hiatus in the UK market over VbyV is compounding a miserable take up and causing confusion in the consumer space. I for one shop till I drop online - not once have I been prompted for VbyV.....

IMHO - as stated before, I don't give any of these services a terribly long shelf life - they're too exposed, too complicated to adopt for anyone other than massive players, and the truth of their ability or otherwise to deflect losses from merchants will become painfully plain in the coming months and years.

Issuers are spitting at the imposition of this diktat on their bottom lines ...

Morocco




msg:639014
 7:25 pm on Dec 1, 2004 (gmt 0)

Fraud Advisor,

You are correct. That article only outlines the North American coverage for merchants.

I guess UK coverage is very different.

ChronoMan




msg:639015
 8:07 pm on Dec 1, 2004 (gmt 0)

We've tried out VbV/MCSC and it's actually quite good stuff.

The only problem is, obviously :D, that a lot of cards get declined. On Visa around 15% drop of sales, on MasterCard more.

It's quite easy to solve - just request a second merchant account with Your bank which is non secured and use it for declined transactions (that's possible).

Another good thing to do is - acquire Your own MPI module and certify it with the acquirer.

However naturally You won't be able to do any of this on third party billers. Get Your own merchant account.

My 2 cents.

Morocco




msg:639016
 9:03 pm on Dec 1, 2004 (gmt 0)

Are you a US merchant?

lorax




msg:639017
 9:56 pm on Dec 1, 2004 (gmt 0)

Welcome to the WebmasterWorld forums ChronoMan.

ChronoMan




msg:639018
 8:36 am on Dec 2, 2004 (gmt 0)

Thanks for welcoming.

We're a Payment Service Provider.
So for us it's a bit easier.
:-)

And no, we're not from USA. We operate in EU mainly.
