But if you are selling, say webhosting and using the electronic payment gateway's recurring billing, only the first payment is protected because the consumer initiated it. The other charges are not protected.

-Corey

I won't call, either. I go someplace else and order.

I won't even explain. (too aggravated at the moment.)

As a consumer, VbV has been a huge pain to me. I buy a lot online.

What a timely topic!

I went to my first store where I hit a VbV box like 5 minutes ago. It prompted me to enter information I already had, plus some ancillary information, such as my date of birth and my CVV2 number.

It took me a couple of seconds (and I'm a geek and buy lots online!) before I came to the DoB question, and then I said "why in the hell do you need that?".

I then realized it was my bank and VbV asking me for the information. It wasn't a major inconvinence, but three bullet points on why I should use VbV on that initial screen would be great. I was totally confused and simply went along with the process because I really wanted what this store was selling.

Still, it's damned confusing, and had I not really wanted the product, I probably would have turned around myself.

It helps to prevent the "I didn't do it" chargeback. A lot fo companies still use the archaic AVS feature. VBV / MSC is the newest technology. It is more like insurance for the merchant if you ask me. It is only time until the hacker breaks thru VBV / MSC as well.

-Corey

The banks and our processor assure us that conversions do not suffer with 3DS, but I am not conviced. Their reasoning is that the 3DS password process does not start until we have captured all the customer information, and that a genuine customer is unlikely to quit the process as this stage when they have given us all their order details compared to every other stange in the buying process.

A/B testing of this would introduce other complications.

3DS was never designed for phone orders - it was only designed for Internet transactions.

We considered taking order details by phone and then sending the customer a link to the completed online order ready to take them through the 3DS authentication process, but I'm not sure that would be of any benefit over telling the potential customer to place the order online in its entirety. Maybe it would save them typing in many of their details, but the most common reason we get for customers calling in with their phone order is that they dont want to put their card details online, and this wouldnt really get around that as far as the customer is concerned.

jules.

The banks and our processor assure us that conversions do not suffer with 3DS, but I am not conviced. Their reasoning is that the 3DS password process does not start until we have captured all the customer information, and that a genuine customer is unlikely to quit the process as this stage when they have given us all their order details compared to every other stange in the buying process.

Still, it's damned confusing, and had I not really wanted the product, I probably would have turned around myself.

I don't think these guys know, or care, how much impulse buying is going on on the internet. Not every customer is so desperate for a product that he/she is willing to jump through burning hoops for it.

3DS was never designed for phone orders - it was only designed for Internet transactions.

Exactly, but what to do with phone orders now?
This site has not had 1 chargeback, return or complaint in a year, and a high % of orders are by phone. VbV will kill it, as a lot of transactions are impulse buys.

..then realized it was my bank and VbV asking me for the information. It wasn't a major inconvinence, but three bullet points on why I should use VbV on that initial screen would be great. I was totally confused and simply went along with the process because I really wanted what this store was selling.

For the banks to enroll their customers into VbV during my transaction process I find unacceptable (though I cannot do anything against this mafia) You understood what was happening, most customers aren't savvy enough to know, so just get aggravated and close the window.

This VbV to my mind is going to cost merchants dearly. Sure theres lots of fraud, and its got to be addressed, but I think we're killing the goose now.. Too much security around my home makes it a jail, and no-one wants to visit.

Exactly, but what to do with phone orders now?

You would process phone orders using the same measures you use now - presumably you use AVS, CVV2, common sense, and in exceptional circumstances manual phone authorisations to check the customer name and address really match the details you have been given on the order.

The problem with phone orders is that now Internet transactions will become supposedly more secure, it's likely that the potential fraudsters will move to other ways to use their dodgy credit card numbers - such as by making phone orders!

jules.

All transactions through a virtual terminal means that the seller bears the brunt of any chargeback.

The shopper connects directly with the bank at the time of payment. The first time they do this they have to register once by entering various security details like DoB etc to get a pin number. After this they just enter their pin number with every payment.

VbV / MCSC are not to be used (cannot be used) for telephone orders. Anyone taking orders by telephone will miss out on the extra protection given by VbV / MCSC.

Offline card fraud is much worse than online fraud, so the card companies have focussed on C&P rather than VbV / MCSC - doing both together is too much for Mr Average to take in at once. Card companies will spread the word about VbV / MCSC sometime in the future - I think only 50% of UK credit cards are C&P at the moment, so there's a long way to go yet.

The premise is to engage and immediately connect a cardholder to their bank via your website, so they can submit a personal form of IP.

I'm going to be the dense one here. I thought it was up to the merchant to adopt this new technology. If not, who decides? The consumer's bank, the consumer, the merchant bank, or is it just a blanket thing?

you're not dense - they are perfectly sensible questions

VbV / MCSC are fairly new - not all card issuers are enrolled in the schemes yet so not all cards are set up for it.

at the moment it is up to the merchant or payment gateway provider to set up the necessary systems - worldpay have had this set up for some time now

it's up to the individual cardholder to enrol their cards in the system when they buy online through a VbV / MCSC compatible system with a VbV / MCSC enabled card. eventually this will be a "blanket" thing like chip and pin is in some countries.

of course, if the merchant chooses not to use VbV / MCSC, their customers cannot enrol and the merchant doesn't get the guarantees against chargebacks ....... kinda silly not to use it really ............

So what if the customer enrolls his card, but the merchant has not enrolled. Will there be a problem with the charge? What happens in the opposite case, the merchant enrolls, but the customer has not? Also, where does the payment processor come into play?

If the merchant is enrolled but the customer is not, the merchant is still protected.

Depends on your definition of payment processor. It is the electronic payment gateway that actually has to be compatible with VBV / MSC. The gateway lets the processor know the transaction was approved

-Corey

The shopper connects directly with the bank at the time of payment. The first time they do this they have to register once by entering various security details like DoB etc to get a pin number. After this they just enter their pin number with every payment.

I guess that's why I'm messed up. The first time I saw this, I must have decided that was something I didn't need to use. I was fairly sure it was my bank, but didn't see the need to give up extra details. Most merchants are quite happy with my CC#, exp, and CCV.

At the current moment I've seen it a few times, and VbV makes me go through the process, then produces a rejection screen for me - while charging my card. I think the merchant knows I'm paid up, but I don't. (which makes me think I still need to find a way to pay... causing a double charge or some other confusion)

That's *&@&!ed up... creates an issue for everyone. If this gets widely adopted, I'll have to get it sorted. At the moment, it's just easier to hit the back button.

I know resistance is futile, but I thought that was in the long run.

when VbV / MCSC goes live worldwide, there will be loads of information for merchants and cardholders and it'll be a lot easier for all concerned

until then, we have to make do with a messy system .........

Has anyone actually implemented this? How did it impact your conversions?

if the card issuer is enrolled and VbV/MCSC is available to the card holder, the card holder will see a pop-up window at payment time - enrolling or entering the pin number etc is "voluntary", although it doesn't actually say it's voluntary.

if the card issuer is not enrolled, or if they are enrolled by VbV/MCSC are not available on a particular card, there is no pop-up.

if there is an impact, it's tiny. we've had a couple of people query it because they use pop-up blockers and don't see the pop-ups, but they've still paid.

most cards go through normally without VbV/MCSC verification. maybe 10% are verified by cardholders that enrol / have already enrolled.

you make that sound so negative ...........
it's a *positive* thing

VbV/MCSC should be set up on all worldpay accounts by now
worldpay merchants don't need to do anything extra
worldpay merchants benefit from the extra guarantees of VbV/MCSC
very little (or no) impact on sales

when a sale comes in, the email from worldpay gives you the AVS/CVV results and their own anti-fraud check results (Worldalert) AND the VbV/MCSC results (whether the cardholder enrolled / verified or not etc)

simple............ that's all there is to it .......