Mastercard Cracks Down on Internet Fraud

Help at hand?

         

AsleepATheWheel

2:10 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



I wonder if this:
[news.scotsman.com...]

>MasterCard said today’s move represented a fundamental shift in the way the financial services industry dealt with fraud, by taking a more aggressive and pro-active approach, rather than simply reacting after fraud had occurred.

will help the current situation at all.....

john_k

2:25 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The article describes efforts to find phishing schemes and fraudulent websites. So I don't see how this will help prevent fraudulent transactions against honest merchants.

Maybe over the long haul it will help honest website owners by reducing the volume of stolen card numbers.

bcolflesh

2:25 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Credit card companies are making massive income from internet fraud - they will never do anything to jeopardize that income - just make sound bites to try and calm internet retailers.

AsleepATheWheel

2:54 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



>So I don't see how this will help prevent fraudulent transactions against honest merchants.

The article also goes on to say:

>It will also look out for internet sites that are illegally trading stolen credit card numbers and stolen identities which enable criminals to impersonate people and borrow money in their name.

This could help cut down fraud.

Morocco

3:11 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



We as online merchants are in the midst of a huge industry change. MC/Visa/JCB/Disc/Amex are all working together in order to crush internet fraud. The payment networks are putting checks and balances on us as merchants but they are also creating benefits for us that we have never enjoyed before. Being a beneficiary of this has given me a new hope in our industry and a vision for the future.

10 years from now we will be the number one consumer market in the world.

digitalv

3:22 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Just another step toward making it easier for merchants to get screwed.

We should all start using NETeller or Pre-Paid ATM, they guarantee no charge-backs - if a user charges back they eat it. I've been going through NETeller's API documentation and it's actually pretty easy ... although I don't know if I'm ready to go exclusive yet.

I don't really know what else we can do, other than continue to lobby the politicians - as long as banks continue to profit from Internet fraud, we're going to continue to get screwed by fraudulent buyers. Maybe if enough high-volume sellers stop accepting MC/VISA they'll "get it".

AsleepATheWheel

3:40 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



>Just another step toward making it easier for merchants to get screwed.

What do you mean by this?

Morocco

4:06 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



>Just another step toward making it easier for merchants to get screwed.
>
>We should all start using NETeller or Pre-Paid ATM, they guarantee no charge-backs - if a user charges back they eat it. I've been going through NETeller's API documentation and it's actually pretty easy ... although I don't know if I'm ready to go exclusive yet.
>
>I don't really know what else we can do, other than continue to lobby the politicians - as long as banks continue to profit from Internet fraud, we're going to continue to get screwed by fraudulent buyers. Maybe if enough high-volume sellers stop accepting MC/VISA they'll "get it".

Digitalv,

I'm sorry but I completely disagree with you. I understand your position on this issue and I can assume you have been on the receiving end of chargebacks more than once.

To begin, NETeller won't be around in two years, and neither will its cousins like PayPal. The card networks are doing all they can to eliminate these 3rd party processors already, and these companies will be crushed under that type of pressure. So I highly recommend not investing your time in advocation of them or recommending them to up and coming merchants who can be easily influenced by a single post.

Secondly, I believe that you are highly misinformed concerning the direction of the industry and where cc companies are taking us. In the case of Visa, they make it possible to render yourself completely unliable if a fraudulent chargeback occurs. All it takes is one phone call and small program integration and they grant this privilege to you on all their consumer cards, domestic and international, and they lower your interchange rate. MC is in development as well, not to mention Amex/Disc.

Finally, Banks will no longer stand to profit from chargebacks with the latest developments being done by the cc companies. They will no longer be able to arbitrarily issue cards and not take responsibility for their transactions. This is slowly becoming a thing of the past.

bcolflesh

5:37 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>I highly recommend not investing your time in advocation of them

Hmmm - kinda like joining a forum under the pretense of being a regular member, and constantly plugging Verified by Visa or any other lame "a dollar short and a day late" attempt to cut into PayPal - that would be a real waste of time.

Morocco

5:39 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



That's not it.

My main position is that 3rd party processors have been being cracked down upon.

Funny assumption though. I found out about VbV here.

Thanks

Morocco

5:51 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



BCol,

I'll tell you what. I will take that as an insult. I'm here trying to help people, and get help from other people who share a common goal and industry.

This is a waste of time....

I'm talking to a person who listed one of his interests on his profile as "your mother." Guess what, your maturity check just bounced, along with your credibility. This is a business forum for professionals.

[edited by: Morocco at 5:52 pm (utc) on June 23, 2004]

CernyM

5:52 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



PayPal has more than enough cash to fight in the courts if Visa/MC/Amex try to cut them out.

Visa/MC are already hyper-sensitive to anti-trust litigation and aren't likely to try and pick a fight here that might open Pandora's Box for them.

VbV is nice and all, but until it's adopted by the majority of the infrastructure players, it's a non-starter for the majority of online shops.

digitalv

6:18 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PayPal and NETeller aren't going anywhere ... to suggest they are is absurd. There is a much stronger movement among merchants toward unified payment services than people signing up for merchant accounts directly with the credit card companies.

The down side to PayPal is that the buyers' and sellers' accounts are one and the same, and anyone can get one with no real verification. NETeller actually runs a credit check, does phone verification, etc. before you can open an account and start sending people money. And to open a merchant account with them is an even more strict verification process. That's why they guarantee no charge-backs.

As a buyer I like the concept of having my bank accounts/credit cards in one location and never having to send that information to the actual merchant I'm buying goods from. If all websites worked that way, there wouldn't be any online credit card fraud because no merchants who don't know jack crap about security would have your credit card number in their database.

wackal

6:46 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



I hate to add fuel to the fire, but you protest too much Morocco.

You claim that the 3rd party processors are doomed, but I saw another post where you gave a great recommendation about Digital River. Correct me if I'm wrong, but aren't they a glorified 3rd party processor? Except they sell you a whole ecommerce package.

CernyM is right that VBV and securecode are very immature products at this point and not that good of a solution, so the question is, why do you keep recommending them so enthusiastically? One thing I notice you never mention is that the customer has to sign up for the program also. If none of your customers sign up, then you still have to worry about chargebacks.

Here's one thing I'd like to know, what percentage of credit card owners are signed up with VBV or securecode? 1%? 0.5%?

Morocco

7:33 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



>You claim that the 3rd party processors are doomed, but I saw another post where you gave a great recommendation about Digital River. Correct me if I'm wrong, but aren't they a glorified 3rd party processor? Except they sell you a whole ecommerce package.

Refer here: [wilsonweb.com...]

These are 3rd party processors:

2CheckOut
ProPay
ClickBank
I-Bill
CCBill
InternetSecure
CCNow
PayPal
Verotel
MultiCards

Digital River is a complete eCommerce package directly linked to the FDIC. They are one of the cornerstones in the eCommerce industry and they provide a specific service to exceptional merchants from the largest to the smallest.

>CernyM is right that VBV and securecode are very immature products at this point and not that good of a solution, so the question is, why do you keep recommending them so enthusiastically?

I think these programs represent the beginning of a major industrial change and an outreach being done on the highest CC levels to combat cardholder-not present fraud. My children are fed based on the success of the eCommerce industry and when you notice a shift like this you tend to try and ride the wave. You have to understand VbV and SecureCode aren't companies or products. They are specific program initiatives that are available to merchants. So I support an ideal not a company. I was introduced to these programs here for the first time and encountered them at several trade shows (ETA)(MRC). I agree with what they represent and support the goal that they have set out to accomplish. Fraud and security are the only binds that are holding down the eCommerce industry.

>One thing I notice you never mention is that the customer has to sign up for the program also. If none of your customers sign up, then you still have to worry about chargebacks.

Incorrect. I may not understand what you mean here. VbV protects all cards regardless of cardholder enrollment. An unenrolled card shopping on your site is protected 100% against a fraudulent chargeback. SecureCode only protects enrolled cards.

>Here's one thing I'd like to know, what percentage of credit card owners are signed up with VBV or securecode? 1%? 0.5%?

Sorry I don't know the actual numbers.

[usa.visa.com...]

PS. Sorry if I came off a little combative. I'll try not to talk about this again. I did extensive research into the programs and when I see people who had the same problems as us I like to chime in and tell them how we were able to solve them.

CernyM

7:55 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



At least some credit cards are now asking you to enter a VbV PIN during your initial registration/validation, so over time you would expect the number of cardholders with PINs to increase.

Of course, merchants are going to have to deal with lost sales because customers forget their PIN. I already have turned CVV codes to "optional" on my cart because of the number of my customers that enter the wrong number (I should mention that my historic chargeback rate is negligible, which is a function of my product space).

That's a good thing, but, the marketing/adoption of VbV has been miserable.

With North American Bancard as my merchant account provider, Authorize.net as my gateway, and Mal's E-commerce as my shopping cart, I have absolutely no idea how I would go about implementing VbV.

According to Mal, it's an authorize.net issue. According to other stuff I've read, authorize.net is irrelevant. It didn't take me long to decide to just shelve any hopes of VbV until it was actually implementable.

A standard with protections does no good if you can't actually adopt it.

wackal

8:19 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



-Digital River is a complete eCommerce package directly linked to the FDIC.

fdic is for deposit insurance. did they start offering cc processing as another service?

-They are one of the cornerstones in eCommerce industry and they provide a specific service to exceptional merchants from the largest to the smallest.

guess who digital rivers partners with? CCNOW. again, my question is if 3rd party processors are doomed, why are you promoting a service that deals with 3rd party processors?

-VbV protects all cards regardless of cardholder enrollment.

so you're saying that all I have to do is sign up for VBV and even if no one enters a password, then I'm still covered 100% for chargebacks? if true, please sticky me to sign up. I'll just sign up, never implement VBV and I'll be covered, right?

don't worry about being combative, it's no big deal, but as I said before, you protest too much. Here's a good idea that you might want to pass along to your supervisors, tell them that we can all reduce cc fraud overnight by making the issuing bank liable for any chargebacks instead of the merchant. I guarantee chargebacks would be drastically reduced in no time.

Morocco

8:48 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



Cerny I agree totally with everything you have said.

Auth.net provides VbV/SecureCode....so does VeriSign...most gateways I find have it available to merchants:

[verisign.com...]

I know authnet provides it...try and google it should come up. Most gateways provide it within package deal.

:)

digitalv

8:50 pm on Jun 23, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What does the FDIC have to do with processing credit cards? FDIC is a federal insurance program for checking/savings accounts. Merchant accounts, if they're insured at all, would be insured privately not by FDIC.

>Here's a good idea that you might want to pass along to your supervisors, tell them that we can all reduce cc fraud overnight by making the issuing bank liable for any chargebacks instead of the merchant. I guarantee chargebacks would be drastically reduced in no time.

This wouldn't actually reduce fraud, it would just shift from buyers to sellers. Instead of buyers trying to rip off sellers by getting stuff and charging it back, sellers would buy things from themselves using stolen credit cards and keep the money if the bank has to eat it. The only way to solve the fraud problem is to make all purchases with a credit card the CARD HOLDER's responsibility. If you lose your card, call it in stolen and it will get shut off - but anything that happened before you turned it off you still have to pay for. Sorry. Pay attention to where you put your card. Which is why I would like to see things move towards systems like NETeller and PayPal, so you don't have to give your credit card number to every website you want to buy something from - just store it at the third party processor and forget about it.

Morocco

8:57 pm on Jun 23, 2004 (gmt 0)

10+ Year Member




>so you're saying that all I have to do is sign up for VBV and even if no one enters a password, then I'm still covered 100% for chargebacks? if true, please sticky me to sign up. I'll just sign up, never implement VBV and I'll be covered, right?

Somewhat correct. You have to integrate the software into your checkout process. VbV protects on "attempted authentications" and "actual authentication." If a cardholder isn't enrolled you will attempt to see if they are a part of the program. By doing this you will collect two extra pieces of code which attach themselves to the transaction proving that you are a VbV merchant and participating in the program. That transaction can't be charged back for fraud by the issuing bank because it will be intercepted in the Visa Net and returned to the cardholder's bank. So in a sense you are partially correct.

wayzel

10:24 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



Glad to see some heated debate on a very important issue:

VbV is actually pretty ingenious from Visa's perspective. Yes they've done a horrible job marketing it unlike companies like CitiBank which are running extensive campaigns educating consumers about identity theft, etc. I think Visa needs to do something along the same lines. Recently there have been ads on Yahoo's homepage but there is still a long way to go.

But, to clear up some misconceptions about the program, I'm writing a consolidation of what took me months to piece together from various sources including merchant banks and Visa International. It's actually not a bad deal.

Even if your customers haven't signed up for or enabled VbV, you as a merchant are covered as long as you TRY to authenticate them with VbV. The "TRY" part means that you can't just sign up for the program and do nothing, you have to send in the credit card info for authentication. Let your programmers figure out the HOW part. It's a few hours of work for them if you are on a gateway that supports it. If the customer isn't signed up, well, you tried, so you are covered. The customer wouldn't even notice anything different other than that the transaction takes an extra second or two to finalize. If the customers' bank doesn't support it, well, you still tried, so you are still covered, and again the customer doesn't notice anything different. If the customer IS signed up, and they don't remember their PIN, you just lost a sale. It's not perfect, but it's a step in the right direction.

Does this beauty pageant last forever? Definitely not. If the customer's bank supports it but the customer isn't signed up for VbV, the customer can only buy up to 4 times using their credit card on any of the sites that support VbV, after which the customer will be forced to register for VbV. If they don't, they can't use that card on sites that support VbV until they register, but they can still use their card at other places that aren't VbV-enabled. This is the one part that doesn't seem fair to me. By trying to be part of the infrastructure, we kind of get screwed if the customer doesn't want to participate at all. Additionally, if you are in a service oriented business like mine where repeat purchases are important and are the norm, you are kind of setting up a hurdle for your customers a few purchases away from their first.

I spent several months researching this and reading up on the direction this is all going towards. On a conceptual level, Visa wins because they've given incentive to everyone. Merchants want protection so they have reason to implement it despite its shortcomings. Banks have reason to implement it because if they don't, the bank is forced to eat the chargeback. Visa implements it because, guess what, they get a per-transaction fee on each authentication attempt. If everyone implements it and it is still a fraudulent transaction, Visa pays the bill. In my opinion, it's only fair. After all, Visa stores the VbV pins, so if they get hacked, well, it's their fault right?

Finally, it is really up to you whether you want to send in a transaction for VbV authentication or not. If you don't request VbV authentication it's just business as usual for you...just AVS, CVV, and your usual anti-fraud tools. You can have your programmers set up a rules-based system. For example, because I was concerned about future purchases, I only run the first purchase through VbV. If they clear that, well, I hope I can figure out if they are fraudsters before they nab me again down the road. I usually find that it is when both sides are strangers that we are both most open to fraud...from both the merchant site and the consumer's perspective. Anyone who is going to buy 4 or 5 times in separate purchases within the same day or two is going to be fraud regardless...I don't need VbV to tell me that.

I for one am 'in'...I think it's worth a shot. I'm implementing it over the next few weeks and will see how it goes. Ecommerce is still around 4% of all sales - we're in the minority, so we are stuck feeling like one. Personally, I think the long-term solution will be slow and steady advances in screening tools like VbV, credit card blacklists, etc. At the same time though we are all too privacy oriented in the US to let these measures take hold so I think it's going to be a constant battle. Big business doesn't have incentive to implement these things yet. 10 years from now, let's hope that ecommerce players are a dominant power too.

wackal

10:43 pm on Jun 23, 2004 (gmt 0)

10+ Year Member



are you morocco's co-worker? he runs into trouble and you start posting to bail him out?

he never did answer my question about why he recommends Digital River when they partner with CCNOW.

CernyM

11:22 pm on Jun 23, 2004 (gmt 0)

10+ Year Member




>Does this beauty pageant last forever? Definitely not. If the customer's bank supports it but the customer isn't signed up for VbV, the customer can only buy up to 4 times using their credit card on any of the sites that support VbV, after which the customer will be forced to register for VbV.

Ouch, that's the actual deal breaker for me. I get a lot of repeat business, and the 4 time limit would most likely cost me more business than the fraud protection would save me in losses.

Probably at least 3-5 years before VbV penetration is deep enough to go mainstream. Too bad, the peace of mind would have been nice to have.

--Mike

Morocco

12:22 am on Jun 24, 2004 (gmt 0)

10+ Year Member



>are you morocco's co-worker? he runs into trouble and you start posting to bail him out?
>
>he never did answer my question about why he recommends Digital River when they partner with CCNOW.

Wackal,

My only advice to you is to do some research for yourself like Wayzel and myself. He isn't bailing me out, I only offered him my contact that gave me the answers I was looking for, which I received from another very, very reputable member here (Corey). Call CardinalCommerce, ClearCommerce, CyberSource, Arcot, Visa, MC, FirstData, VeriSign, AuthNet and make sure you talk to the right people. The programs are horribly marketed to merchants and most of the time you can't get the right answers unless you speak to the right people. I only talk about this because I feel like it is going to make a huge difference in the long run, and I’ve seen great results immediately.

digitalv

1:26 am on Jun 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The ONLY thing that's going to make a huge difference in the long run is putting the responsibility of purchase on the card holders. If the credit card companies stopped refunding purchases just because the card holder decided they didn't want to pay for something, you wouldn't see a drop in online spending - you would see a drop in FRAUD. If you lose your card, too bad - you call and shut it off and if someone spent money on it before that happened it's YOUR FAULT for losing the card. If you dropped a wad of cash out of your wallet, you wouldn't expect your bank to give you a refund. Electronic transactions should be no different.

The worst type of charge-back is the "item not as advertised" ... like the BANK can tell whether the item does what it's supposed to or not, they have no right to "guess" whether the merchant's advertising was faulty or not.

I am so tired of people who refuse to take responsibility for themselves. If your card number is stolen, it's because YOU gave that number to someone who couldn't be trusted with it. This is (again) why the third party merchant tellers like PayPal and NETeller are way more valuable than Verified by Freakin Visa.

ogletree

1:59 am on Jun 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



digitalv if you thought about it you would know that could never happen. The CC system is based on consumers feeling safe. As a matter of fact our whole economy is based on everyone accepting the fact that the dollar is worth something. It is really just paper. The cc companies have worked real hard to convince people that they are safe. If people thought they would be responsible for stolen credit card charges online ecommerce would cease to exist. People are just now starting to trust the Internet a little.

wayzel

3:05 am on Jun 24, 2004 (gmt 0)

10+ Year Member



One thing I forgot to mention is that VbV doesn't protect you from the "I didn't like your product" or "they sent me the wrong widget" types of chargebacks. It just covers the "I never bought this/I didn't do it" (code 83 I think?)

Digitalv, I've read and agree with many of your posts, but in my experience the majority of the fraudulent purchases on my site are run using credit card data that is still physically in the hands of the credit card owner. I know this because I used to call people who made large purchases and they'd say, "the card is right here in my wallet, I didn't buy that, and I want to know how they got my number." I've had it happen to myself as well. There are ATM machines out there that dispense real money but at the same time record your data for fraudsters to use. There are lots of phishing scams out there asking customers to update their credit card info online that look exactly like the real thing even though they aren't. There are sites that swipe fake pictures of BBB logos, security seals, etc. And of course there are also the low-budget low-security sites that store totally unencrypted credit card data for hackers to grab almost freely. It's not fair to just blame the customer. I wish we could because it would make my life easier too, but just about everyone is slacking in one way or another. If we were to shift liability to the consumer, online commerce WOULD decrease, no question about it.

To the poster who mentioned pushing for one product or gateway or this or that, I'm just offering what I've learned to the public. Feel free to take it at face value. Nobody is making you sign up for anything you don't want to sign up for. It's a free world man.
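Added example, not part of any post and not Visa's or any gateway's code: a Python model of the VbV outcomes as wayzel and Morocco describe them in this thread (attempted versus actual authentication, the four-purchase limit for unenrolled cards, fraud-only coverage, and wayzel's first-purchase rule). All names, labels and the sample orders are this example's own assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Auth(Enum):
    NOT_REQUESTED = "not requested"  # merchant skipped VbV: AVS/CVV only
    ATTEMPTED = "attempted"          # merchant tried; cardholder or bank not enrolled
    AUTHENTICATED = "authenticated"  # enrolled cardholder entered the right PIN
    FAILED = "failed"                # enrolled cardholder got the PIN wrong
    MUST_REGISTER = "must register"  # unenrolled card has used up its attempts


# Chargeback categories (labels are this example's own, not card-network codes).
FRAUD = "cardholder denies purchase"
PRODUCT = "product or service dispute"

UNENROLLED_LIMIT = 4  # purchases before forced registration, as stated in the thread


@dataclass
class Card:
    bank_supports_vbv: bool
    enrolled: bool
    unenrolled_uses: int = 0  # earlier purchases at VbV sites while unenrolled


def request_vbv(prior_orders: int) -> bool:
    """wayzel's rule: only a customer's first purchase goes through VbV."""
    return prior_orders == 0


def authenticate(card: Card, pin_ok: bool = True) -> Auth:
    """Outcome of one authentication request, following the posts' description."""
    if not card.bank_supports_vbv:
        return Auth.ATTEMPTED  # "you still tried, so you are still covered"
    if card.enrolled:
        return Auth.AUTHENTICATED if pin_ok else Auth.FAILED
    if card.unenrolled_uses >= UNENROLLED_LIMIT:
        return Auth.MUST_REGISTER
    card.unenrolled_uses += 1
    return Auth.ATTEMPTED


def checkout(card: Card, prior_orders: int, pin_ok: bool = True) -> Tuple[bool, Auth]:
    """Return (sale_completed, auth_outcome) for one order."""
    if not request_vbv(prior_orders):
        return True, Auth.NOT_REQUESTED
    auth = authenticate(card, pin_ok)
    return auth in (Auth.ATTEMPTED, Auth.AUTHENTICATED), auth


def vbv_covers(auth: Auth, reason: str) -> bool:
    """True when, per the thread, the merchant is protected from this chargeback."""
    if reason != FRAUD:
        return False  # "I didn't like your product" disputes are not covered
    return auth in (Auth.ATTEMPTED, Auth.AUTHENTICATED)


# Constructed sample orders: (label, card, prior_orders, pin_ok)
SAMPLE_ORDERS = [
    ("new customer, unenrolled card", Card(True, False), 0, True),
    ("new customer, bank not in VbV", Card(False, False), 0, True),
    ("new customer, forgot PIN", Card(True, True), 0, False),
    ("new customer, 5th unenrolled use", Card(True, False, 4), 0, True),
    ("repeat customer, VbV skipped", Card(True, True), 3, True),
]


def report() -> List[Tuple[str, bool, str, bool]]:
    """(label, sale_completed, outcome, covered_if_fraud_chargeback) per order."""
    rows = []
    for label, card, prior, pin_ok in SAMPLE_ORDERS:
        sold, auth = checkout(card, prior, pin_ok)
        rows.append((label, sold, auth.value, sold and vbv_covers(auth, FRAUD)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

The last sample row shows the trade-off wayzel accepts: skipping VbV on repeat orders avoids the registration hurdle but leaves those orders without the fraud-chargeback protection.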

blaze

3:17 am on Jun 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, everything is a balance. We need a culture of law and order and credit cards provide that.

What we really need is an eBay-like trust network so you can see everyone's "feedback" score.

CernyM

4:00 am on Jun 24, 2004 (gmt 0)

10+ Year Member




>The ONLY thing that's going to make a huge difference in the long run is putting the responsibility of purchase on the card holders. If the credit card companies stopped refunding purchases just because the card holder decided they didn't want to pay for something, you wouldn't see a drop in online spending - you would see a drop in FRAUD. If you lose your card, too bad - you call and shut it off and if someone spent money on it before that happened it's YOUR FAULT for losing the card. If you dropped a wad of cash out of your wallet, you wouldn't expect your bank to give you a refund. Electronic transactions should be no different.

As a victim of identity theft, I'd say you are off the mark here. The technology exists to make it very easy to stop this sort of fraud in its tracks.

The fact that the businesses involved would rather keep credit and commerce easy than implement solutions requires that the cost of fraud be theirs to bear.

Expect more legislation on this matter as time goes on.