Trying to Make Online Shopping More Secure - Useless - Please Enrol in 3D Secure

Due to Chip and Pin, the number of online fraudulent transactions (by fraudsters) has increased since they do not need a PIN number to use your cards if they have stolen/cloned it/got the numbers from somewhere. Mastercard and Visa have introduced a good system so that when you have entered your card details, you enter three letters from a password before the payment will go through for verification. It is so easy to enrol in this scheme, and the password makes it almost impossible for anyone who is illegitimately using your card to make a purchase to complete the transaction. This scheme has been in place for over a year now, and we online traders are encouraged to use it to minimise the risk of fraud (something we are obliged to do under our Merchant T&C). Three times I have tried to implement it, but every time I do, we have more orders that never go through than those which do, and our business would fail, so we end up switching it off again. PLEASE enrol in this scheme, both for your protection and ours - it only takes a moment, and you are only required to enrol once - remember the password and use it for all MC/Visa transactions where 3D Secure is implemented. Under these difficult trading conditions, and increasing threat of fraud, we have to cooperate to beat the fraudsters and at the same time ensure that our businesses can actually remain trading. Thank you.

Reply to
Maria
Loading thread data ...

You're up late.

Interesting viewpoint. Can you tell me how it is for my protection?

In these times of hardship retailers need to be making it oh so easy for their customers and their customers will stick with them. My main supplier soft-coats me into shopping with them, it's easy, I like the web site, there's a stack-load of information, and a customer service rep who is pleasant to talk to. I probably spend 25k/year with them or

30k in a good year. The second supplier insists I phone up, he's ok to talk to, I can't browse and humm-and-ahh I probably spend 10k/year with him. There is no difference in the price, in fact the main supplier I tend not to negotiate on price so probably pay a little more.

3D Secure is a PITA to use, I can't ever remember my passwords, and if it comes up I goto a different site who doesn't use it. Me making life easier for you isn't the game. Soft-soaping your customers is.

Reply to
Martin

Work work work...

Because it is your card that is at risk - it is you that will have to go to the hassle of trying to get money refunded if your card is cloned or stolen. What's more it could be some time before you realise that your card has been cloned or stolen, and the thief could have spent thousands on it...I don't really understand the question - I would have thought it self-evident. Do you not feel that you have any responsibility for your credit card? What about your wallet? As a retailer, I will promise not to process any transactions that look dodgy, but that does not mean that all retailers are as conscientious about it - I could just process all the payments and hope that none ever get charged back. I hope I am being a responsible retailer to that effect. I think that people should take similar responsibility for their belongings. If they don't want to, then I hope they will not complain that it happens to them - card fraud is a fact of life and isn't going away because people feel put out by it.

If we are not making a profit, it doesn't matter how easy it is - we are finished. This is a business...

Is this retail or wholesale? I mostly only do telephone payments with wholesalers.

I can't see why - all my cards with one bank have the same password. It might look annoying, but you soon get used to it, and if you do online banking, you are required to enter more information than that.

Sooner or later, we will be required to use it I'm afraid.

It isn't about you making my life easier - it's about you taking measures to ensure you are not ripped off. ? Still, it's your card and it's your choice.

Reply to
Maria

In message , Maria wrote

In my experience as a customer it's a complete pain in the arse to be directed away from a merchants secure site to re-enter details that I've already supplied into some third party 'unknown' site that is often slow and times out.

When a seller makes payment for goods so difficult I usually abandon the purchase. Judging from you observation it's not that people haven't signed up but that the system doesn't work very well and people cannot actually pay for the goods. Often the card verification web pages and the way they are linked into the sellers web pages give the appearance of a phishing site!

What's wrong with the sellers only requiring these additional 'safeguards' when the goods are to be supplied to an address that isn't the card holders registered address?

Reply to
Alan

Ahhhh. Work, the curse of the drinking class.

Well now, I can see it being good for the retailer. If someone who has my card number (and it's hardly the biggest secret in the world) makes a fraudulent transaction then the banks have to do a refund, they will reverse the transaction with the retailer who will not only have additional charges to pay for the reversal but might have shipped goods.

It's no hassle to me because I'm covered, it's no hassle for the banks, they are covered, the one exposed is you. So it's a simple question, how does it benefit me?

... >Is this retail or wholesale? I mostly only do telephone payments with wholesalers.

Servers mainly. Neither retail nor wholesale. I tend not to buy them in in batches :)

Well it diverts you another unknown website and starts asking for security information. That is where I hang up on the transaction or if I really need it call the bank or get it entered manually. It's way too easy to forge these things using DNS insertion, fake certificates, or even just a fake website hanging off the merchant site (that wouldn't work on me because I do check the certificate). How do I know it's my bank and not a rogue site? I don't do online banking for the same reason, until they start to issue tokens or something similar.

Not true.

Ahh back to that again. It's not me who can be ripped off with a fraudulent transaction, it's you.

:)

Reply to
Martin

'Maria' wrote this:

I take it when you say "fail" you mean that many customers haven't registered and when faced with the security screen, disconnect?

Reply to
aracari

...

You sound like a sensible chap. Exactly my experience and for the same reasons as well.

Reply to
Martin

How is this better than "verified by VISA"?

Reply to
brightside S9

Because you are "covered" means it's no hassle?

Unusual way of looking at it.

Reply to
PeterSaxton

I have no way of knowing how far they get - Protx just tells me that they have 'closed their browser due to 15 minutes of inactivity'.

Reply to
Maria

Mine is supplied by my card issuing bank, Natwest, so I presumed that it would not appear as an 'unknown' site to other people, but their card issuer's site. When I had to enrol on it to purchase something, it was just a seperate Natwest window - IIRC it asked me for my DOB and postcode to prove I was the cardholder, asked me to register a password, and then immediately returned me to the checkout pages of the site to continue what I was doing. I've never had it time out - maybe for other card issuing banks it's a different story, and it hadn't occurred to me that the was happening. Thanks.

There is no way of doing that - we can only force the 3D rules by setting value parameters for the transaction. NB A merchant bank rep I was talking to a while back told me there was no way that online retailers should even agree to send to any address other than the cardholders, though most business seems to.

I'm a little confused as to people's reluctance to engage with it (I know it is a problem as I have seen forum discussions about the volume of sales lost by retailers after implementing 3D) - it's just an online version of Chip & Pin.

Just to reiterate, my reason for posting this is the same reason I have posted before about the frustration of seeing payment after payment made with people's obviously stolen cards and no-one to report it to or to inform the cardholder. If people would use this system, at least for Visa and Mastercard, there would not point in the fraudsters even trying. This type of fraud increased 14% last year, so I personally really want to do something about it, as the banks and police are so ambivalent about it. Those left to pick up the pieces are the cardholder and the retailer who will just receive a chargeback.

Reply to
Maria

Same thing (Verified by Visa and Mastercode both use 3D Secure which is the system they developed)

Reply to
Maria

Whoops..forgot the cite

formatting link

Reply to
Maria

Verified by Visa is rubbish.

The only information you need in addition to the stuff on your card is your DoB. Lots of people will have this.

And if you get your password wrong too many times, you are just prompted to enter a new one, with no more information to provide than when you set it up.

And my main objection is that you don't have to go to a special website to sign up to it - if you aren't registered already the trader will redirect you to the sign-up site - which could easily be phished by an unscrupulous trader.

Reply to
Max Demian

What would you do then? Hold it up to a webcam next to your mug?

Reply to
Max Demian

Ok, good points, thank you.

Reply to
Maria

In message , count 2 wrote

I used to have a credit card with a photograph and the signature inserted at the time of manufacture. When Abbey took the business they dropped the photograph.

Reply to
Alan

IME you don't need to enter any details at all. I assume the referring site passes the CC details automagically. IME you are simply asked to enter 3 designated characters of your password and the transaction is completed. Probably costs around 15 seconds extra of time.

Reply to
Cynic

For some types of goods it would be completely impractical for me to accept delivery at my home address, and for the rest it is a PITA to do so.

If there is usually nobody at home during working hours it makes far more sense to take delivery at your work address.

I have on occassion ordered large, heavy goods that I need to use on my boat. I need to have them delivered (by lorry) to where my boat is kept. Delivering such items to my home address would be useless to me, because I would then have to arrange separate transport to my boat.

Reply to
Cynic

I agree entirely - the problem is that a common feature of a fraudulent transaction is where they have the entire card details of someone, somehow, but have it delivered to a different address. There are some websites which don't allow different shipping address, but we do because so many of our customers are students away at college.

Reply to
Maria

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.