Internet Security on CommWeb

MasterCard SecureCode and Verified by Visa are online security programs designed to make Internet transactions safer.

Building consumer confidence – online security program for merchants
MasterCard SecureCode and Verified by Visa are an easy, cost-effective way of promoting customer confidence in Internet transactions by authenticating the cardholder at the point of purchase with a password. If the merchant implements these programs, the liability for unauthorised card use shifts from the merchant to the cardholder’s issuer.

Merchant benefits:

• Greater confidence in online payments by enhancing the security and integrity of Internet transactions
• Facilitates growth in online shopping
• Reduction in fraud exposure
• Reduction in chargeback liability
• Less operational expenses (fraud and dispute handling).

Customer benefits:

• Ease of use
• Reduced risk of unauthorised card use
• Cardholder’s identity is verified by their own bank
• Customer can choose to make payments only on merchant sites that have implemented the program.

How do MasterCard SecureCode and Verified by Visa Work?
MasterCard SecureCode and Verified by Visa were designed to alleviate online security concerns. When a cardholder makes a payment on a web site, he or she is required to enter their password in a pop-up box from his or her card issuer. If the password is entered correctly, the cardholder’s identity is authenticated, and the transaction is then sent normally for authorisation. It is a small additional step in the payment process which verifies the identity of the cardholder. The process is similar to the authentication of a debit cardholder with a PIN at an automatic teller machine (ATM).

Payment steps:

• The customer (cardholder) shops at a merchant website and proceeds to initiate card payment
• The cardholder is redirected to the Commonwealth Bank payment page
• The cardholder selects the card type and enters their card details. The CommWeb gateway automatically links the cardholder to the appropriate card issuer to verify their identity
• A pop-up screen requests the cardholder’s password. If it is submitted and authenticated, the payment process continues to authorisation

Liability shift for charge-backs
Most charge-backs in electronic commerce are ‘No Cardholder Authorisation’ charge-backs - the cardholder either denies responsibility for the transaction or the merchant lacks evidence of the cardholder’s authorisation of the transaction. Effective 1 April 2003, the liability for electronic commerce transactions will shift from the merchant to the card issuer when:

• The merchant is fully enabled for MasterCard SecureCode or Verified by Visa
• The issuer authenticates the cardholder using MasterCard SecureCode or Verified by Visa
• Following cardholder authentication, the issuer authorises the transaction and the merchant receives a response code from the acquirer confirming approval

Some exceptions apply, but in the majority of cases when the cardholder is authenticated, the card issuing financial institution will not be able to successfully charge the transaction back on behalf of the cardholder because the cardholder claims the transaction was not authorised.

How do I get enabled for MasterCard SecureCode and Verified by Visa?
The requirements for merchants are quite straightforward. To implement MasterCard SecureCode and Verified by Visa you are required to use Commonwealth Bank’s e-commerce payment service CommWeb, install the newest version release of the software, and test your integration.

Once this integration is completed, it is up to the cardholder’s issuer to authenticate its cardholders for online transactions. You can concentrate on fulfilling orders rather than on transaction authentication concerns.

Cardholder registration
MasterCard SecureCode and Verified by Visa address consumer concerns by enabling cardholders to add a password to their existing MasterCard or Visa card. This will help prevent fraud by ensuring that only the cardholder can use their credit card online. When consumers proceed to payment on a web site, the MasterCard SecureCode or Verified by Visa screen appears, and the consumer enters their password and submits it. If the issuing bank verifies their identity, they can proceed with the purchase.

Cardholders are able to register their credit cards with their bank if their bank has decided to adopt these programs.

Find out more about registering your Commonwealth Bank issued credit cards for MasterCard SecureCode and Verified by Visa.

This service is a feature of CommWeb, our e-commerce payment service. 

 

• Important information. As this advice has been prepared without considering your objectives, financial situation or needs, you should, before acting on the advice, consider its appropriateness to your circumstances. View our Financial Services Guide (PDF 59kb).