Welcome to WebmasterWorld Guest from 54.162.50.232

Forum Moderators: buckworks

Message Too Old, No Replies

E.U. Proposals For Ecommerce Payments Will Require Extra Security Checks

     
5:28 pm on Nov 22, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24335
votes: 554


The European Union's Payment Services Directive 2 proposals for ecommerce transactions over 10 include making consumers go through additional security checks, eliminating the one-click shopping that some consumers have become used to using. If approved, it'll come into force in 2018.

"We do not normally take such a strong position on regulation," Kevin Jenkins, managing director of Visa UK and Ireland, told the BBC.

"It's just that in this particular instance we feel so strongly that the risk of rushing into legislation, which could take you back 10 or 15 years, is catastrophic," he said. E.U. Proposals For Ecommerce Payments Will Require Extra Security Checks [bbc.co.uk]


What do you think of the proposals? Is the ten Euro a reasonable figure to settle upon? It seems rather low to me.
6:31 pm on Nov 22, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3294
votes: 27


first off something does need to be done about credit card fraud online ...

i do think that 10 euros is somewhat low, especially as 'contactless' is available in bricks and mortar stores for under 20

however in a way it will advantage me as a small retailer, as i feel the one click payment options really help the likes of amazon, if it was 'harder' to pay on their site, it would encourage many to shop elsewhere, after all laziness is a big driver and that's why many people shop on amazon. (i include myself)
10:58 pm on Nov 22, 2016 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
posts:7649
votes: 28


To an extent, there has been an "opt-in" additional level of security available for quite some time. Some card issuers require a username and password to be inserted prior to the card details being processed (3D security). No doubt it is safer, but it can be a pain. I recently switched banks and I was revived to discover my new card was not enrolled in this scheme.

One issue I can see is, will card issuers enforce these proposed new security features or will they also be opt-in. if it is the later, will the level of protection against account fraud differ?

Mack.
2:30 am on Nov 23, 2016 (gmt 0)

Junior Member from GB 

10+ Year Member Top Contributors Of The Month

joined:Oct 16, 2002
posts: 182
votes: 3


The current proposal goes a good way past a simple username and password though (which can be saved in the browser for my card that is part of the program). The article states:

Mr Richards said under the plans, payments above 10 would require proof of at least two of the following:

  • a possession of the consumer, eg a card or phone
  • something known by the consumer, eg a password or code
  • a biometric feature of the consumer, eg a fingerprint
5:28 pm on Nov 23, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3394
votes: 39


In practice a passcode generator as already often used for online banking. One for my personal account and one for business is enough to manage, two more for my credit cards would be OTT.

On the other hand 3D security should be enforced more, If anything usage seems to be declining.
1:49 am on Nov 24, 2016 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2933
votes: 20


The most commonly used online payment system iDeal in the Netherlands has already an extra verification step at the bank's website before the payment is authorized. I am not under the impression that this has severe effects on online sales. People are used to it and it may give an extra feeling of safety to some that not an unknown online site owner is processing the financial part of the order, but their own bank.
9:30 am on Nov 24, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24335
votes: 554


topr8 I believe it's now up to 30

I also have a service with a two-step verification process, similar to lammert, and it works fine, imho. Nothing will process until you have that last step in place, even if you have stolen a card.

I've not heard of the description of "3D security."

I wonder if there's insufficient joined up thinking going on here from the EU. With a phone and credit cards, when visiting a store, you can use contactless to make a payment, and that current limit is above the proposed 10. As far as i'm aware, there is no further verification required: no pin, no further ID checks, etc. Steal a phone or a credit card and you're able to process contactless payments, even if they are relatively small. I know, that's not the same as online, of course, because the person has to be in attendance, with the card or phone, to process payment. With online, it could be anyone with the stolen details.

I'm happy to see some changes, but it should be across the board, and consistent, whatever service it is.

Oh, and I like the way that one of my card processors makes an automated contact to me when processing something. It's pretty much instant. The system double-checks it's me through various security measures before it authorises the payment. Not every time, but for certain values of transaction, and i've noticed it's also for certain types of transaction, such as airfares, technology, and in general, what may be classed at luxury items. So far it's never contacted me at the supermarket while i'm buying breakfast cereal and toilet rolls. I quite like the system, and i'm used to it. No more embarrassment in a line when a payment doesn't process and you're standing there talking on the phone while other people hear that your card is declined.

There's no doubt that there are now additional measures that can be used, such as biometrics. I just hope that there is consistency throughout as the fragmentation of payment systems and procedures is becoming confusing for consumers and for business.

If it's 10, why not make it any transaction, or raise the level to the same as contactless.
11:45 am on Nov 24, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 15, 2015
posts:104
votes: 39


This will only make it harder for small buisnesses and will just benifit...amazon and other big tech companies. YAY FOR BREXIST
7:45 am on Nov 30, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 17, 2015
posts: 84
votes: 24


It's been in place for 15 years already and quite the contrary, it will benefit smaller retailers as this primarily is for stored card detail websites, so a user on amazon will enter the code every time. Hackers are getting details of 40 million people a time on certain websites, some with card details if not cut off from an account.

As for the BBC's article, written by an idiot and interviewed an idiot from VISA which runs 'Verified by Visa', doesn't matter if it's Black Friday or Shrove Tuesday, if everyone has to enter a code, it takes the same time to purchase that amazing deal on cheap globalisation tat from Vietnam or Bangladesh. An item that was upped by 20% over the course of a year to give you 10% off just before Christmas.

VISA should be happy, who pays more for transaction fees, Amazon or small retailer? VISA will be very happy if people move away from Amazon to smaller retailers. I don't think it will have any effect whatsoever. When you have to enter pin with your contactless card in a shop, do you give up and walk out?
6:26 am on Dec 8, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2648
votes: 85


More useful article here:

[computerweekly.com ]

I've not heard of the description of "3D security."


It is,"3D Secure", a collective name for a system used by the three big card issuers:

[mastercard.com ]