3D secure - What's the verdict?

[deniser]

I'm thinking of switching over to 3D Secure for all transactions, not just Maestro as fraud levels are getting ridiculous (maybe the same as the burglar alarm things, if you don't have one and your neighbours do all the burglars gravitate towards you).

What have been your experiences, if you use it universally?

Does anyone have any statistics for people failing to complete payment because they are faced either with the sign up screen or having signed up once, because they have forgotten their password?

How does it affect overseas customers?

Would love to hear anyone's experiences.

 

[Astaroth]

A lot will depend on your implimentation of it (and people getting more comfortable with it).

Was involved with 2 implimentations right at the begining when general awareness of the process was very low. One site saw a circa 0.5% increase in drop offs which was inline with expectation given the extra boxes etc where as the other claimed to have seen a circa 10% increase. Both were blue chip clients and so you wouldn't expect a signficant trust issue.

Certainly negative selection is an issue but until the likes of PayPal change their systems to include 3D secure there will be many sites out there for the scammers to hit.

 

[OldWelshGuy]

as a shopper I hate it, especially given that my correct password has been refused in the past, so I went elsewhere to buy.

 

[kulture]

I did not know that you had a choice. I thought that it was up to the card issuer whether the card had 3d secure on it.

 

[CaterTrade]

As a shopper, I personally don't like it. I never seem to have the right password and have to create a new one each time. I fear it's the same issue as OWG has.

As a ecommerce store manager, I feel much more secure with it and you're not liable if fraud is used.

When a merchant does not use 3-D Secure they are liable for fraudulent transactions even if the transaction was properly authorized.

I'd rather not have to use it but I feel I do have to.

 

[EyalGur]

Hi,

I work in a Fraud Prevention consulting company (Fraudless) that has years of experience in supporting merchants before and while doing 3DSecure implementations.
This includes Usability recommendations, Best Practices and more ...

If you'd like please send me your email and i'll be happy to send you more information as well as a white paper.

Cheers,

Eyal Gur
Fraudless

 

[drounding]

As a shopper I hate it. It seems ridiculous that I have to have a password that is not reusable yet only require my date of birth to create a new one. As a result I can never remember my password and have to create a new one each time I use it.

As a merchant I think it's very good. Yet I'm amazed at the almost complete lack of marketing promotion to customers by the banks.

GrIDsure is a much better system in my opinion. This is a very clever, simple and effective security system. I wish it was implemented online as well as alongside CnP POS and ATMs.

 

[sysops]

I'm thinking of switching over to 3D Secure for all transactions, not just Maestro as fraud levels are getting ridiculous (maybe the same as the burglar alarm things, if you don't have one and your neighbours do all the burglars gravitate towards you).

You're spot on with that remark. We used to have very low levels of fraud, but as some of our main competitors started using 3DS, we saw this level rise significantly. This left us with little choice but to implement 3DS across all transactions.

Yes, it does result in a higher rate of abandonment, but far less so than it did when we first tried it 2 years ago.

It also results in increased customer support, because customers hate it, and you have to patiently explain to them that you didn't invent it.

All the "I hate it as a customer" posters - get used to it, it's not going anywhere.

 

[EyalGur]

As more UK merchants install 3DSecure (and the acceptance in the UK is very high) as more Fraud will target other merchants that didn't install this.

If impelemted right by the merchants, this shouldn't cause usability issues (of course it has to be implemented the right way by the issuers as well but in the UK the 3DSecure implementation by issuers is pretty good compared to other markets).

 

[sysops]

If impelemted right by the merchants, this shouldn't cause usability issues (of course it has to be implemented the right way by the issuers as well but in the UK the 3DSecure implementation by issuers is pretty good compared to other markets).

I hate hearing this over and over again, it is utter nonsense.

Of course there are inherent usability issues - and blaming it on poor merchant implementation (which is what everyone seems keen to do) is ridiculous.

Here's a list of some of the main issues which cause abandonment at the 3DS stage (I've studies this quite a bit).

1. Customer lack of awareness. If you are the first site where the customer has seen the 3DS screen, and they are a little nervous about online security, it's not uncommon for them to just close the browser down - "why are they asking for my date of birth? is this site fraudulent?"

2. Customer frustration at having to remember yet another password - they try a couple of different ones, they don't work, they walk away angry.

3. Delays in response from issuer, causing timeouts.

None of these things are under the control of the merchant, You can put all the reassuring logos and text you want, but the above still happens.

 

[gemd89]

I dont like it as a shopper, i feel we have to remember loads of passwords as it is, i always have to check paperwork and get the reminder email everytime im faced with it!

I see why retailers have it though!
Gemma

 

[Optegris]

It doesn't bother me in the slightest as a developer, retailer or customer. In fact I think the banks should force through the plans to make it mandatory on all sites without exception as it is proven to bring down card fraud.

Perfect example, my missus' card got cloned recently and she got stung for well over £500 at Zavvi and John Lewis Direct. Had they implemented 3D secure correctly the orders would not have been authorised.

People need to remember it's not just for the retailers protection but also for the customer.

 

[sysops]

People need to remember it's not just for the retailers protection but also for the customer.

How so?

(think about where the liability lies)

 

[deniser]

People need to remember it's not just for the retailers protection but also for the customer.

Well not at the moment. Cardholders can be utterly reckless with their card details/statement checking and they will still get all their money back.

I had one who only noticed that his card was being used fraudulently after 6 months. By which time the fraudster had built up a level of trust with me and presumably with countless other shops and got away with about £800 of my goods.

 

[Optegris]

How so?

(think about where the liability lies)

Liabilities aside, had the two sites above declined the order because the 3D secure password was wrong or not entered then she wouldn't have had the money ripped from her account (which took over two weeks to get back I might add)

 

[sysops]

Liabilities aside, had the two sites above declined the order because the 3D secure password was wrong or not entered then she wouldn't have had the money ripped from her account (which took over two weeks to get back I might add)

It may be an inconvenience, but it really is a non-issue - the consumer is 100% protected when buying with a credit card, the merchant has zero protection.

 

[Optegris]

It may be an inconvenience, but it really is a non-issue - the consumer is 100% protected when buying with a credit card, the merchant has zero protection.

Sorry but I disagree, this was a debit card for a start and had the merchants declined the order because 3D authentication failed, it would not have left her account. Simples.

 

[deniser]

Agree absolutely.

 

[deniser]

Sorry but I disagree, this was a debit card for a start and had the merchants declined the order because 3D authentication failed, it would not have left her account. Simples.

Wish everyone thought like that.

 

[FLAUK]

We had to turn it on in January for sites using Paypal Pro.

It has caused many abandonments since then and many complaints from cutomers who swear blind the correct password is being denied, even after they reset it.