The Business of Software

This is @Ryan from the post below.

I'm just about to set up my shopping cart using a merchant account and a payment gateway provider.

Part of the setup are these Visa and Master card anti fraud frameworks - Verified by...

I have considered taking this option cause I figure it would reduce fraud now I hear they are not such a hot idea.

Can you share why?

Thanks

You mean the thing where my bank pops up a password dialog that stops me from completing my transaction?

For non-technical users it will be very confusing, especially if it's the first time they've seen it and they have to go through a whole other enrollment process.

Do you want my damn money or do you want to put up *yet another* roadblock to completing the transaction?

Don't do it, it's annoying as hell. I couldn't remember my password the last time I had to do it at Newegg. The order went through anyway without the verification, so I don't know how much good it does.

capital one have something similar..

first few times that appeared it got closed *very* fast, especially since it looks like a phishing thingy

on closer inspection it appears they want me to agree to some new terms to use my card on line, basically saying i agree never to do a chargeback for an on line purchase..

um and I'd agree to that why?

gave up and just phoned my order through, more protection for me.

these 'security' things are good (not) what better way to make phishing easy than to pop up a window, and hide the address bar, to request card details..

back to the drawing board

I agree with the posts above: DON'T DO IT.
You will lose sales if you do.

I'm speaking from experience.

And yes, it's annoying as hell to me as a customer.

"Verified by Visa" requires me to remember a password in order to use MY OWN CREDIT CARD.

That pisses me off, and I can guarantee I won't buy your product if you use it.

You asked for it...

<rant pullpunches="false">

VbV is just insane because the pass control back to the issuing bank. There is no real control or anything. Whether or not the transaction completes is anyone's guess.

VbV has:

* Stopped me completely from purchasing
* Caused a simple transation to take much much longer than it should (is over 10 minutes acceptible?)
* Completed transactions where the transaction wasn't completed (notifying the user is usually a good thing...)
* Caused double charges (as above, if you don't notify the user that it went through...)

WTF? It's the payment gateway's job to take care of things. Passing it off to the issuing bank is just pure BS. The customer should not be exposed to that.

I can only speak for the pure hell that VbV is for me, but really... Do you want to stick yet another redundant stupid obstacle inbetween the customer and their completing a transaction?

The core of the problem is that there are no standards for the UI or how the transactions are done. VbV just lets the issuing banks run rampant with whatever they darn well feel like. WTF? Who in their right mind would do that? There needs to be some leeway, but anything goes? That's a bit much.

Here's just how completely insane my local bank is...

They REQUIRE ActiveX to do anything at all.
They install MULTIPLE ActiveX components.
They REQUIRE Windows ONLY.
They REQUIRE Internet Explorer. (6 works better than 7)
They DO NOT use SSL. (https) They use only HTTP.
Their multifactor authentication requires:
* 1 login ID
* 3 different passwords
* a security certificate (password protected)
* a security card with about 30 or so 4-digit numbers on it
Some of their web pages do not render text properly and all I get it garbage. Switching the encoding is not possible thanks to how they've got things set up. (i.e. They don't have the intelligence to set the character encoding of the page...)

Everytime I use their web site, I am guaranteed that my machine will f***up and shit will go very f***ing wrong. The ActiveX stuff they use is buggy at best. Just how in god's name do you manage to cause a bluescreen from a web page?

Yes. I've had the infamous BSOD from their web site. More than once.

Doing a single transaction that should take no more than 2~3 minutes is guaranteed to take me at least 1 hour or more after I begin to repair the damage that the web site has done to my computer.

Allowing that kind of utter incompetence and insanity is totally irresponsible on Visa's part.

Visa should have the good sense to have a reasonable set of standards for their issuing banks to follow. They don't.

It's kind of like parents (Visa) sending their children (customers) to a daycare center (web site) run by pedophiles (issuing bank). I have no interest in seeing my customers get f***ed.

It's fine to use a service that has VbV (it will work for some people), but at least offer an alternative that doesn't (for those that it doesn't work for).

</rant>

Sigh...

Just my $0.02, or $50, or $200, or... Depends on how much you're charging for your product when I go to buy it...

I'm surprised by the reaction to this...at least from a user's point of view, I've never had any problem with VbV... it asks me my password and I'm done, no problems.

We've had to implement Verified by Visa (aka Mastercard Securecode and 3d-secure) for a number of ecommerce clients we deal with. It is a huge turn off for customers (lots of drop outs in the sales process), but unfortunately here in the UK its *mandatory* for merchants who want to take payment from certain types of cards (Maestro, aka Switch, which is very popular in the UK)

The only merchant benefit is the liability shift from you to the card issuer for fraudulent transactions (when customers have completed the 3d secure process). This can be a huge deal for people who have lots of fraudulent transactions and get stung for hundreds of chargebacks, but IMO it is a shocking implementation that kills customer confidence in your site, and if you are able to its worth steering clear of .

James

If you can't remember the password you set up for your credit card how the hell do you remember your atm pin?

These programs work for both sides both merchant and consumer.

The times I've been presented with VbV or MCSC have not been through a pop-up. Maybe back in 2000 it was but the programs have adapted since then.