In order to encourage merchant uptake of their security initiatives the card schemes have removed the liability for 'chargebacks' i.e. where the consumer denies they made a card purchase for which they have been billed, from merchants. Consequently, Visa announced that from April 2003 merchants will not have to meet the cost of charge backs regardless of whether the card issuer is participating in Verified by Visa or whether the cardholder is enrolled. From November 2002 MasterCard announced that card issuers would no longer be able to pass the cost of a fraudulent transaction on to merchants assuming the cardholder is enrolled in SecureCode and used the system to make the purchase in question. This year MasterCard will consider shifting the liability for all transactions away from merchants, in cases where the cardholder is authenticated by the merchant.
The liability shift from merchants to card issuers should be regarded as a masterstroke by the card schemes. As merchants pass on liability to card issuers there will be added incentive for card issuers not only to adopt the security initiatives but also to promote cardholder uptake. It is at the card issuer's website that consumers enroll for the initiatives and hence it is card issuers who will be in the best position to promote adoption. Higher rates of cardholder adoption will encourage more merchants to adopt the technology and hence generate even more incentive for card issuers to promote further adoption. Thus, the card schemes have generated a self-perpetuating system of cardholder and merchant adoption and card issuer promotion.
The number of merchants, issuers and cardholders enrolled in Verified by Visa is increasing rapidly
Visa is so far winning the race to ensure maximum merchant and issuer acceptance and cardholder adoption. More than 100 merchants in the US and EU now accept payments made using Verified by Visa and more than 6,000 card issuers now offer Verified by Visa to their cardholders. The number of cardholders enrolled in Verified by Visa is now believed to be well in advance of 10 million. MasterCard and Maestro are some way behind Visa in terms of the number of merchants, issuers and cardholders enrolled. Both card schemes are, however, working on merchant and card issuer acceptance and are likely to launch major cardholder focused marketing campaigns in the near future.
Alex Boorman, Datamonitor financial services analyst and author of the report noted: "Our research predicts that consumer eCommerce payment volumes will continue to increase in coming years such that volumes could surpass EUR200 billion by 2007. However, the growth of eCommerce volumes will be followed by a coincident rise in online card fraud as measures to tackle offline fraud are successful, encouraging fraudsters to seek opportunities in the online space; and the card scheme security initiatives are not extensive enough to provide much of a deterrent. Given this situation the card schemes must work hard to boost acceptance and enrolment as quickly as possible. The card schemes are already doing this to a degree, although there is much more that they can do. That they do so is critical for only widespread acceptance and enrollment by all parties will guarantee the initiatives' success."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.