February 27, 2003

Online merchants will soon be able to shift fraud liability to issuing banks by participating in new customer authentication programs from Visa and MasterCard.

Beginning April 1, online merchants will be able to shift liability automatically simply by attempting to use either of the two authentication schemes, Verified by Visa and-in selected regions outside the U.S.-SecureCode from MasterCard. "Even if the cardholder isn't enrolled, or even if the issuing bank is not enrolled in the program, the merchant will no longer bear the liability if it attempts to verify a transaction," said Katherine Hutchison, vice president of marketing for ClearCommerce, an Austin, Texas-based e-commerce software company.

Merchants need only install a plug-in on their e-commerce servers in order to shift liability for chargebacks to the issuing banks. On the other side, issuing banks can deploy corresponding "access control servers" that respond to such merchant requests for authentication.

Merchants never gain access to customers' PINs during the authentication process. Instead, they request the issuing bank to authenticate its own customer. Regardless of whether the issuing bank can do so, the bank will be responsible if and when a customer repudiates a transaction, even if neither bank nor customer were participants in the authentication program.

That added responsibility gives banks ample incentive to adopt and promote the program. "Looking at the top 12 global issuers, eight of them have already moved forward," said Naftali Bennett, president and CEO of Cyota, a supplier of access control servers. Seven of the top 12 issuers are Cyota customers.

Concord EFS, an ATM and debit transaction network, has tapped Cyota's SecureSuite platform to provide MasterCard SecureCode and Verified by Visa to its 6,200 financial institution clients. Concord will install SecureSuite at its data centers. It is the first switch processor to implement and provide MasterCard SecureCode and Verified by Visa from within its own data centers.

The authentication schemes, which involve the secure creation of a user ID and password for online card purchases, are being touted by the card associations as an antidote to online fraud.

"We're going to see some strong incentives by Visa here in the U.S. in the first few years to actively encourage adoption, until they can get a critical mass and have it be part of the infrastructure," said Hutchison.

Indeed, card issuers have been experimenting with techniques to get customers to enroll, quickly and securely. "The adoption is actually very rapid because there is no need to download anything, and in fact the issuers have found mechanisms to boost adoption," said Bennett. "We're seeing many thousands of enrollments a day with our client base."

The first wave of online enrollment has been directed at the riskiest clients. "If it's a good client, you might be less concerned," said Bennett. "But if you see there's a client that has a pattern of chargebacks, you'd want that client to enroll, and you might actually force them to enroll."

Issuers also stand to reap marketing benefits. "There's a general inclination, or understanding within issuers, that cardholders will try to route their online transactions all with one card," said Bennett. "In many cases, issuers want to be that card, and so acting fast and being the first can make sense."

"Each issuer will have to decide how they want to balance the assumption of the risk of taking on bad transactions on the one hand, with the risk of saying no to good transactions on the other," added Bennett.

On the merchant side, financial institutions have become more aggressive in supporting e-commerce.

"Financial institutions are noticing some of their largest physical retail customers entering into what we call multichannel retail," said Hutchison.

"If they do not have an answer in the Internet commerce space, they either lose that portion of the retailer's business, or they lose the retailer entirely," she added.

Banks have an opportunity to become "commerce service providers," she said. "Financial institutions are the ones, on a global basis, that are stepping up to the plate and offering these hosting services on behalf of merchants."

"With the growth of additional payment mechanisms such as loyalty cards, private purchase cards, and now increasingly electronic check, the banks want to own that whole business for the retailers," she added. ClearCommerce recently implemented online payments, risk management and authentication software solution for HSBC in the U.K.

ABOUT THE AUTHOR