Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: buckworks
Just had a transaction that was given the full green light by the system "This transaction was fully 3D-Authenticated."
Yet if ever there was a more dodgy transaction then I'll eat my hat. They used different billing and delivery addresses then changed the billing address on the payment server, two large products for the same person, anonymous message - the same for each gift, anonymous yahoo email - need I say more - when using aol ISP, more than 1 attempt to pass the transaction, next day delivery etc etc.
So the question is - how secure is 3d secure? This is the all-singing, all-dancing no fraud's gonna get through this baby. Oh yeah?
Anyone else had completely fraudulent orders get through as passed?
And what would happen if I shipped. Would I definitely get the money as it's a full green?
if I shipped. Would I definitely get the money as it's a full green?
Isnt that a question for 3D secure (whatever that is) and not this group? What too if 3D secure goes out of business?
Where's the ship-to? I don't see that order as necessarily a huge red flag at Christmas unless going to Nigeria or the like. Depends on dollar amount. Would certainly check out email, phone, name and address in G.
For those that don't know, 3D secure is AKA Verified by VISA / Mastercard Securecard. Basically if the transaction is green then they will not do a chargeback if it turns out to be fraud.
The thing is the card might be genuine - but it ticks all the boxes of a fraud and has come up with a big red light (high risk) on the protx system (the 3rd man) - card used with various email addresses, at many addresses, big spend at this address etc etc.
So I've got The 3rd Man / protx saying no way, this is dodgy big-time.
And I've got VISA/Mastercard saying yeah, this is fine.
The card has probably been nicked in post or applied for using false identity or some other. What worries me is that the fraud has been able to dupe the brand new 3D secure system and what are the implications for this for online ecommerce if it becomes easily abused/broken/defrauded?
If this order turns out to be fraudulent, then it's likely you will not be liable for it, but there are exceptions and you may find it ends up costing you anyway. Why take the chance?
Remember you are not obliged to sell anything to anyone - if you're unhappy with the order, don't process it. Your gut instinct is often right!
maybe the mod will allow this link or at least do a redirect. This will tell you NOT TO PROCESS THE ORDER.
It is your responsibility to verify the information with the bank the card is drawn from, if you don't you will be issued a chargback if the order is a fraud and you as welll as me know it is. just ttooooo may flags there not to seee it.
Got one a minute ago 600.00 order he said need it shipped fast yea right....
The reason to be involved with it you do get a reduced processing fee and it does discourge the majority of fraud orders but as you see not all.
I bet there are those that have stolen the idenity of the card holder changed the information to use in systems such as this as it does tend to lower your guard and they have gotten orders processed and delivered on a higher percentage.
[edited by: minnapple at 11:34 pm (utc) on Dec. 14, 2007]
There is no point. It's a scheme hatched by Visa to reduce their losses, but it's not customer-friendly.
We offered it for a year, before removing it from our site. We received many emails from confused customers, who clicked-away because they didn't have their card registered for VbV, and instead were presented a spammy message to sign-up now.
Once we removed it, our conversion rate rose, and our chareback rate remained the same. Of course, YMMV ..
As the ex-CTO of a virtual credit-card scheme I can tell you that I am utterly unconvinced by the VISA/MC schemes and refuse to use them at all as a customer. The first (and last) time I was prompted for my details (a) it was totally impossible for *me* to tell if the request was being faked or not due to the way it was presented in my browser ie think man-in-the-middle attack, and (b) it was broken anyway as it turned out the card company had recorded my DOB wrongly.
So, 3D secure does nothing much to increase security and is to my (professional and end-user) eye easy to spoof.
Trust your instincts, not just the security scheme.
PS. Note that I'm an ex-CTO so maybe you should discount my views accordingly! B^>
STANDARD 3-D SECURE TRANSACTION PROCESSING
How does it work?
If authentication is successful, the merchant can benefit from the conditional payment guarantee provided by his acquirer.
If the card is not enrolled, the merchant receives some level of conditional payment guarantee provided by his acquirer.
In both cases, therefore, the merchant has, under certain conditions (defined by VISA, MasterCard and financial organisms, and as described in the 3-D Secure contract with his acquirer), a payment guarantee, even without receiving identifying information from the customer.
Those conditional payment guarantee rules are exclusively managed between the merchant and his acquirer.
But this does not exclude fraud. That's why some Payment Service Providers offer extra Fraud Module.
joined:Mar 8, 2002