Just had a transaction that was given the full green light by the system "This transaction was fully 3D-Authenticated."
Yet if ever there was a more dodgy transaction then I'll eat my hat. They used different billing and delivery addresses then changed the billing address on the payment server, two large products for the same person, anonymous message - the same for each gift, anonymous Yahoo email - need I say more - when using AOL ISP, more than 1 attempt to pass the transaction, next day delivery etc etc.
So the question is - how secure is 3d secure? This is the all-singing, all-dancing no fraud's gonna get through this baby. Oh yeah?
Anyone else had completely fraudulent orders get through as passed?
And what would happen if I shipped. Would I definitely get the money as it's a full green?
if I shipped. Would I definitely get the money as it's a full green?
Isn't that a question for 3D secure (whatever that is) and not this group? What too if 3D secure goes out of business?
Where's the ship-to? I don't see that order as necessarily a huge red flag at Christmas unless going to Nigeria or the like. Depends on dollar amount. Would certainly check out email, phone, name and address in G.
For those that don't know, 3D secure is AKA Verified by VISA / Mastercard Securecard. Basically if the transaction is green then they will not do a chargeback if it turns out to be fraud.
The thing is the card might be genuine - but it ticks all the boxes of a fraud and has come up with a big red light (high risk) on the protx system (the 3rd man) - card used with various email addresses, at many addresses, big spend at this address etc etc.
So I've got The 3rd Man / protx saying no way, this is dodgy big-time.
And I've got VISA/Mastercard saying yeah, this is fine.
The card has probably been nicked in post or applied for using false identity or some other. What worries me is that the fraud has been able to dupe the brand new 3D secure system and what are the implications for this for online ecommerce if it becomes easily abused/broken/defrauded?
If this order turns out to be fraudulent, then it's likely you will not be liable for it, but there are exceptions and you may find it ends up costing you anyway. Why take the chance?
Remember you are not obliged to sell anything to anyone - if you're unhappy with the order, don't process it. Your gut instinct is often right!
maybe the mod will allow this link or at least do a redirect. This will tell you NOT TO PROCESS THE ORDER.
It is your responsibility to verify the information with the bank the card is drawn from; if you don't, you will be issued a chargeback if the order is a fraud, and you as well as me know it is. Just too many flags there not to see it.
Got one a minute ago 600.00 order he said need it shipped fast yea right....
The reason to be involved with it is you do get a reduced processing fee and it does discourage the majority of fraud orders, but as you see not all.
I bet there are those that have stolen the identity of the card holder and changed the information to use in systems such as this, as it does tend to lower your guard, and they have gotten orders processed and delivered on a higher percentage.
[edited by: minnapple at 11:34 pm (utc) on Dec. 14, 2007]
There is no point. It's a scheme hatched by Visa to reduce their losses, but it's not customer-friendly.
We offered it for a year, before removing it from our site. We received many emails from confused customers, who clicked-away because they didn't have their card registered for VbV, and instead were presented a spammy message to sign-up now.
Once we removed it, our conversion rate rose, and our chargeback rate remained the same. Of course, YMMV ..
As the ex-CTO of a virtual credit-card scheme I can tell you that I am utterly unconvinced by the VISA/MC schemes and refuse to use them at all as a customer. The first (and last) time I was prompted for my details (a) it was totally impossible for *me* to tell if the request was being faked or not due to the way it was presented in my browser, i.e. think man-in-the-middle attack, and (b) it was broken anyway as it turned out the card company had recorded my DOB wrongly.
So, 3D secure does nothing much to increase security and is to my (professional and end-user) eye easy to spoof.
Trust your instincts, not just the security scheme.
IMHO.
Rgds
Damon
PS. Note that I'm an ex-CTO so maybe you should discount my views accordingly! B^>
STANDARD 3-D SECURE TRANSACTION PROCESSING
How does it work?
If authentication is successful, the merchant can benefit from the conditional payment guarantee provided by his acquirer.
If the card is not enrolled, the merchant receives some level of conditional payment guarantee provided by his acquirer.
In both cases, therefore, the merchant has, under certain conditions (defined by VISA, MasterCard and financial organisms, and as described in the 3-D Secure contract with his acquirer), a payment guarantee, even without receiving identifying information from the customer.
Those conditional payment guarantee rules are exclusively managed between the merchant and his acquirer.
But this does not exclude fraud. That's why some Payment Service Providers offer an extra Fraud Module.