The
credit card issuers realize that the inability of payer authentication leads to
credit card frauds. In addition, it causes:
Consumers are required to register with their banks and adopt a password or electronic wallet, depending on the implementation, the purchase process, they will either be prompted for the password (in addition to the card number) or complete the transaction using the electronic wallet.
Credit Card Payer Authentication Process (Chart 4)
Early in 1996, the Visa and MasterCard companies jointly developed the Secure Electronic Transaction (SET) that utilizes digital signatures to replace the handwritten signatures of offline commerce. SET is complex, requiring cardholder software and digital certificates to be installed on consumers’ PCs. It is also costly and thus never gained widely market acceptance.
In
late 2001, Visa International introduced a new payer authentication service
named Visa Payer Authentication Service (VPAS). It is promoted under the program
of “Verified by Visa” (http://www.usa.visa.com)
and makes it possible for online merchants to authenticate the buyer in advance
of purchase.
Merchants install a module, which initiates a “Verified by Visa” session whenever a registered cardholder proceeds to the checkout page and clicks the “Buy” button. Then, a window is created for the cardholder to enter confidential his/her password previously registered with the participating issuing bank or at the Verified by Visa Website. The issuing bank authenticates the cardholder and sends the merchant the response.
In 2002, MasterCard is going to launch Secure Payment Application (SPA) in the second quarter of 2002, which requires participation by the card issuer and the merchant as well as the cardholder to download a wallet application from the issuer. The Electronic wallet will automatically fill out payment information requested on your online order form. The new security component includes a unique cardholder authentication value for each transaction, which can be verified by the issuer during payment authorization.
l
AVS (Address
Verification Service)
l
CVN (Card
Verification Number)
l
Payer Authentication
l
Rules-based Fraud
Screens
l
Neural Net Fraud
Screens
l New Real-time Fusion Screening
AVS:Checks
to see that the billing address given by the customer matches the credit
card address on file with the bank. L
|
 |
 |
CVN:Card
issuers print an additional 3- or 4-digit card verification value in the
signature panel on the back of credit card. When shopping online, a prompt
for this 3- or 4-digit number in addition to address information enables
merchants an extra level of security and a higher level of validation than
just using AVS. Limitations
•
Can be spoofed
with stolen information •
Negative impact
on sales conversion if implemented poorly. One more checkout process
increase transaction abandon rates.
|
For
better security, we recommend that
You: |
| 1. Use a secure browser. Unsecured information sent over the Internet can be intercepted. A secure browser—one that encrypts or scrambles purchase information—is important. Online shoppers may check with the Internet service provider to see whether your browser is secure. |
| 2. Use address verification, card fraud management tools and services such as AVS and CVN. |
| 3. Use consumer-friendly technology. Merchant and credit-card companies need something tough enough to stop crooks. However, simple and consumer-friendly technology is more important because consumers usually abandon transactions when they feel it difficult to close transactions. |
| 4. Get credit card companies to collaborate with each other. Credit card companies should jointly design, launch, and promote fraud-reducing technologies together so that different card brand holders can shop without worrying about the payer authentication compatibility. |
