Forum Moderators: buckworks
I have a couple of questions about VbV. I have contacted two merchant processing companies that I work with, they don't have an answer for me.
Perhaps someone out there knows something about my questions and can provide some information.
Verified by Visa provides a mechanism for the cardholder to authorize a transaction using a password. The password is generated when they sign up for an account on the Visa web site.
My questions are as follows:
1) How would we handle a back-order situation where part of the order is shipped and charged at a date later than the bulk of the shipment. I believe there would need to be two charges.
2) How would we handle telephone orders? Sometimes customers do not want to order from our web sites, and they call their order in.
From what I understand, this password protection ensures the cardholder that their card will not be charged without their approval.
Thank you for your time and consideration.
Best Regards,
As far as I know, VBV does not support telephone or mail orders at this point.
But it seems like there are plenty of times when a CNP transaction is more like a "PNP" (person not present). And I don't really understand how that will work with VbV.
My guess is that the transaction will not necessarily be declined, merchants will just get dinged if they don't can't or won't have their customers authenticate through their system.
I am trying _not_ to be skeptical, but this is beginning to sound like something that is going to be difficult to implement. I suppose I should have decent faith that there are plenty of people much wiser than myself that have figured all these details out, and that these people will explain it to me at the appropriate time.
With regards to security and consumer protection, I favor a methodology that is "request and approval" based. Merchants, processors, and consumers are identified with digital signatures, these signatures authenticate the transactions. Initially a signature could be armored with a simple pin, however when the technology becomes more affordable the signatures could be armored with biometric / fingerprint etc.
There would need to be some decision made with regards to selecting SET, SSL or PGP. I believe that all have their pros and cons.
So you have your lunch at Jenny's and the bill for $14.95 is submitted by the employee to the payment gateway, that sends it through to your account. You receive a request for payment that has their authentic signature, and elect to approve or deny the transaction with your mark.
I could see this approval mechanism working through cell phones, pda's or plain old email. Perhaps it would create a situation where money can't fly out of one's account with automation and great speed, however perhaps one could pre-approve a set list of merchants.
Perhaps a digital signature mechanism would even make credit card numbers trivial enough to write on the bathroom wall. Sure, people could send "bogus digital invoices" to you for payment, however with the signature system it would seem logical that this kind of activity could be easily monitored and controlled.
Since there would likely be an acceptable amount of grace period between the request and the approval, it seems likely that they could apply the "time is money" rational to stale approvals, and place a surcharge on the amount.
Anyhow, that is my idea of a secure payment system. I feel that continuing to increase the length of the card number does not make me feel any safer - It still seems like I have my wallet wide open to anyone with inclination - as current transactions do not involve me in the approval process.
Take care,