business

Visa's New Online Security Blanket

The credit-card giant hopes its new Verified by Visa password program will cut down on fraud -- and lure wary shoppers into e-stores

By Alex Salkever

This holiday season, at least one credit-card giant wants to play the Grinch to online fraudsters. In early December, Visa, a purchase-processing cooperative comprising 21,000 member banks, went live with "Verified by Visa." This new program aims to give credit-card holders extra security by requiring an additional password for online transactions. When a customer clicks on the final "buy" button, a secure browser window pops up asking for the new code, which the customer registers with the bank that issued the card. Only if the customer enters the correct pass code will the bank green-light the purchase.

The Verified by Visa system won't replace the existing process for entering your card number and typing in the billing address. But by requiring consumers to provide a password that is not actually printed on the card, banks and merchants have a better chance of making sure the person making the transaction is the rightful user of the card. In that way, the program mirrors automated teller machine (ATM) transactions.

Free to consumers, Visa has already signed up 25 big e-tailers to participate in the program, including Buy.com and Tickets.com. To date, however, only seven banks are participating. But by the middle of January, Visa expects 50% of all credit cards it has issued will be eligible for the program, according to Stacey Pinkerd, senior vice-president for e-commerce products at Visa U.S.A. He hopes the new program will reduce online fraud by half, a much needed improvement as it now runs three times the rate of offline credit-card fraud. I spoke to Pinkerd about the new program on Dec. 15. Following are edited excerpts of our conversation:

Q: What's the inducement to get people to sign up for this? Is it mandatory for those who want to shop at some e-merchants?

A:

There is no mandate. We think the value of the program will drive adoption. We have a number of merchants that are in the queue for getting this rolled out. The reason they are interested in it is they want to be able to authenticate consumers [via a third party], which is something they can't do today. That offers them the ability to reduce fraud. It could also help reduce financial disputes.

This is about consumer confidence. There are 50 million to 60 million consumers that we classified as browsers. These are people who are online and shopping around but not actually buying. Most of them say the primary reason they aren't buying is they are concerned about credit-card security. We did a survey last month: Seventy percent of the consumers interviewed said they would feel more confident if they had this password security system in place.

Q: Does this offer more security than existing security systems? Many merchants are already asking for the three-digit number printed on the card and the billing address of the cardholder.

A:

Visa has a number of different initiatives around creating a more secure e-commerce environment. Verified by Visa is just another tool in that arsenal. If you think about that CVV number -­ card verification value, the three-digit number printed on that panel ­- that proves to the merchant that the card is there and whoever is doing the transaction has a physical card in their possession.

What it doesn't prove is that that is an authorized user of the card. That's where Verified by Visa comes in as a complement. With both programs, the merchant has a two-factor authentication system. The CVV is validated by the card issuer. The password has to be validated by the issuer, too. So the issuer and the merchant know that there is something the cardholder has and something they know.

Q: How much of an impact do you anticipate this will have on improving sales?

A:

This could really make a difference for two groups in particular. One group is the browsers we talked about. Another [is the] group of people who are online and buying from only a select circle of their trusted merchants. They're concerned about giving their card numbers to other merchants beyond that circle. If we can expand that by making consumers feel better about merchants, then that expands the use of the channel and benefits everybody.

Salkever covers computer security issues twice a month in his Security Net column, only on BusinessWeek Online

Edited by Douglas Harbrecht

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE