3Dsecure

 
Guest

Posted: Thu Nov 01, 2007 2:47 pm    Post subject: 3Dsecure
34sp wrote:
If you have not registered for VbV or SecureCode don't worry. The next time you make a purchase online (through a 3Dsecure enabled merchant) you will be prompted to provide your details and create your password. The details you enter will be then submitted to your card issuer securely.


Why have 34sp implemented VbV? It makes customer transactions less secure.

Do 34sp offer alternative means of payment?

As a long-term existing customer (I was with 34sp when you offered SSH access), I don't particularly want to change web-hosts, simply because I can't pay you. But I will not sign up for a system which makes me more susceptible to fraud.

Guest

Posted: Thu Nov 01, 2007 2:48 pm    Post subject: Re: 3Dsecure
Anonymous wrote:
34sp wrote:
If you have not registered for VbV or SecureCode don't worry. The next time you make a purchase online (through a 3Dsecure enabled merchant) you will be prompted to provide your details and create your password. The details you enter will be then submitted to your card issuer securely.


Source: http://www.34sp.com/blog/official-news/3dsecure/

Daniel
Administrator

Joined: 20 Mar 2001
Posts: 1652
Location: Manchester, UK

Posted: Thu Nov 01, 2007 2:53 pm
How does VbV make transactions less secure? It's designed specifically to make transactions more secure.

We are happy to accept payment by cheques posted to us or by BACS transfer.

Guest

Posted: Thu Nov 01, 2007 5:46 pm
Daniel wrote:
How does VbV make transactions less secure? It's designed specifically to make transactions more secure.


It makes transactions more secure for the card issuer. If a fraudulent claim comes about, the issuer will blame the customer, since they use VbV and only the customer can know the necessary credentials for VbV.

That's absolute nonsense! First of all the sign-up process is completely flawed and wide open to phishing. When I sign up for VbV for the first time how can I be assured (as a non-technical user*) that I am actually communicating with Visa? Furthermore this problem reoccurs with every single VbV transaction.

I will not use VbV. If a site insists on VbV, I shop elsewhere. I pass on this advice to anybody who cares to listen.

I suspect if I google, others will share my opinion.


*technical users can check certificates** - well, actually, people with PhDs in PKI can check the certificate chains...
**I suspect (although I haven't confirmed) that this becomes even more difficult given that VbV may be presented in a frame (presumably [worryingly] hiding the URL of Visa)

Guest

Posted: Thu Nov 01, 2007 5:50 pm
I would be interested to hear your thoughts on the subject. Given my previous post do you still believe VbV offers a more secure solution? From a corporate perspective, what do 34sp think?

To further my opinion, it's bad for business, you're raising the bar to a sale! But, there's also some risk assessment involved. How much does fraud cost you per year, without VbV? How many sales will you lose because of VbV?

These may not be opinions that you wish to express on a public forum.

say_ten
Forum Moderator

Joined: 03 Apr 2001
Posts: 1124
Location: Birmingham, UK

Posted: Fri Nov 02, 2007 9:37 am
3DSecure is an inevitability, the card issuers are beginning to reject online transactions that haven't been through the 3DSecure process. I'm sure 34SP will take more of a hit with all the Maestro cards that suddenly can't be processed than the odd person that refuses to sign up. It is true that it's clearly a move by the card issuers to move the fraud responsibility to the customer. However, it's no more of a phishing risk than the ones that are already capturing card details. As a side note, where we've implemented it (not 34SP) you leave our site entirely for that part.
_________________
With regards,

Say_Ten

http://www.sayten.34sp.com/ | http://www.multiplay.co.uk/

Daniel
Administrator

Posted: Fri Nov 02, 2007 9:46 am
VbV does offer a more secure solution. Since its implementation on our site, we have seen less fraud making it through the card processing stage to be picked up by our own systems.

As Say_Ten says, it really is an inevitability. It is now appearing on more and more sites, and thus users are becoming more familiar with it - we were just ahead of the curve. Further to Say_Ten's point about card issuers rejecting transactions not submitted using 3Dsecure, in cases where they do allow them, there is often a surcharge for the transaction which the merchant (i.e. 34SP.com) is liable for.

You are right that it's just one more step along the purchasing process and we're always keen to keep that number as low as possible, but this one does seem to have been effective. I would have liked the banks and card issuers to be a bit more proactive in letting their customers know that it was coming - we took a lot of calls for some time after it was introduced - but that period has now passed.

Guest

Posted: Fri Nov 02, 2007 11:49 am
Daniel wrote:
As Say_Ten says, it really is an inevitability.


I'm not convinced it is inevitable. It depends what customers think. At present I am not forced to use it and will continue to avoid it like the plague. As will my colleagues. But, security is our game! We clearly do not represent the general population.

Maybe if we convince someone with a big enough presence to have-a-go in the papers customers will start making their own opinions. Ross Anderson and Bruce Schneier spring to mind...

say_ten
Forum Moderator

Posted: Fri Nov 02, 2007 3:35 pm
Because, to be blunt, like VISA, MASTERCARD, MAESTRO etc. will care about a few doom sayers. All you'll ultimately end up with is the inability to buy online while the rest of the world carries on.

Guest

Posted: Mon Nov 05, 2007 9:35 am
say_ten wrote:
Because, to be blunt, like VISA, MASTERCARD, MAESTRO etc. will care about a few doom sayers. All you'll ultimately end up with is the inability to buy online while the rest of the world carries on.


I can't see the big players seeing it the same way. Do you really think Amazon wants to create barriers to payment? I think not.

philr
Super Member

Joined: 05 Nov 2003
Posts: 990
Location: Exeter

Posted: Mon Nov 05, 2007 12:44 pm
I'd never heard of VbV until I saw this thread.

According to Google, the place to go for information on using VbV with my Lloyds TSB bank account is a website called securesuite.co.uk. Despite appearances, this domain is registered to someone/something called "cyota" (registrant type "unknown"), and hosted in New York. I have to say this all smells a bit phishy. :-/

Anyway, if this site is genuine, I won't be able to use VbV because it isn't supported for Lloyds TSB debit cards. Is it a required part of the payment process?
_________________
Phil Ronan
フィリップ・ローナン

say_ten
Forum Moderator

Posted: Tue Nov 06, 2007 9:09 am
Amazon won't have a choice. Basically, the card issuer and issuing bank decide if a card requires 3DSecure authorisation. The site takes the card details, sends them to their online payment who then says how the transaction proceeds, i.e. 3DSecure required or the monies have been taken. So if your card doesn't support it at the moment then you won't have any problems continuing to pay online. Any merchant not able to take 3DSecure payments will simply start getting not authed results from their payment provider, enforced by the bank/card issuer.

All times are GMT