Community

Nice article Sanat. 

The development of mobile commerce has "blurred the line" between traditional retail, and traditional eCommerce.  Now we have transactions generated on mobile devices, that can be either Cardholder Present, or Cardholder Not Present. 

This is not a situation that is currently supported by the Card Schemes - as per usual, technology has evolved faster than the Schemes' ability to react. 

A grey area is opening up between what is now possible, and what is supported by the Card Schemes.  This is something that needs to be addressed.

A similar issue applies to resetting of 3D Secure (i.e. SecureCode/Verified by Visa) passwords for credit/debit purchases online. 

The password reset requirements are defined on a per-Issuer basis.  I have seen one Issuer who only requires your Date of Birth & credit limit to allow your password to be reset.  The first piece of information is publically available, and the second can easily be guessed (e.g. £5,000, £10,000 etc).

This obviously completely undermines the whole point of 3D Secure - to improve the security of online transactions.  It will be interesting to see how this develops, as cardholders have very few chargeback rights on 3D Secure transactions.  It is assumed that if 3D Secure is used, the cardholder was involved, or that they compromised their own security, and as such are responsible for the transaction.

John Clarke (www.worldnettps.com)

I agree with the Finextra verdict here - nice technical solution, but what consumer problem is it solving?  And if there are not major consumer benefits, how will it gain traction?