The protracted demise of the Secure Electronic Transaction protocol (otherwise known as SET) is now complete. Designed to bolster fraud prevention on Internet credit card transactions, SET was beleaguered by complexities that made full implementation untenable.
Still, with the laborious passing of SET, new and improved approaches to securing online transactions are visible on the horizon. And many of these enhanced security protocols will provide the degree of consumer authentication needed to decrease problematic fraud and chargeback levels for online transactions – very good news for online merchants.
Good news indeed, principally because the current SSL (Secure Sockets Layer) protocol was not designed to protect online business from fraudulent use of stolen credit cards. Though SSL provides very important encryption for credit card data – and a secure medium of transmission – consumer authentication on card-not-present transactions is not part of the SSL protocol. Similarly, SSL does not insulate credit card data on merchant servers. Unfortunately, short of deploying elaborate fraud detection systems (that attempt to flush out suspect ordering activity), cardholder authentication remains a major e-commerce snag – at least for the moment.
Designed to remedy security problems, SET was developed in 1996. However, the technical and bandwidth requirements of SET, as well as mounting complexities involved in full realization, created a situation in which SET’s disadvantages outweighed its potential benefits.
Currently, there are a number of secure transaction models competing to replace SET, and each concentrates on more comprehensive protocols for authenticating customers during card-not-present transactions. In all cases, more data is required from the consumer than the current inadequate standard of credit card number combined with expiration date. Most importantly for online merchants, more and more liability for chargebacks will fall on the consumer, which should radically decrease abuse of ‘consumer-friendly’ credit card policies.
First, there is the Payer Authorization model in which the credit card company issues a password or PIN number to the cardholder to be used during card-not-present transactions. During a sale, a pre-authorization process requires that your customers enter a password along with the credit card number. The merchant is then notified of consumer authenticity – or potential fraud. If the card issuer verifies the password, the merchant transmits an authorization message and the pre-authorization process is concluded successfully.
American Express’ ‘Private Payments’ model for secure transactions operates on the same principle as the Payer Authorization model – except for one key difference: for each online transaction the consumer must go to the American Express website to receive a ‘disposable’ transaction number to be used in conjunction with the credit card number. The transaction number can only be used once and is rendered inoperative after a transaction is made. To receive the transaction number in the first place, the cardholder must provide a user name and password at the Private Payments site.
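The single-use property described above can be sketched as follows. This is an added example, not American Express code: the `Issuer` class, its method names, and all sample values are hypothetical, and it models only the flow the article describes (password login at the issuer, a transaction number bound to one card, invalid after one use).

```python
import hashlib
import hmac
import secrets

class Issuer:
    """Toy card issuer; every name and value here is constructed for illustration."""

    def __init__(self):
        self._accounts = {}  # username -> (salt, password_hash, card_number)
        self._pending = {}   # unused transaction number -> card_number

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, username, password, card_number):
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, self._hash(password, salt), card_number)

    def issue_transaction_number(self, username, password):
        """Cardholder logs in at the issuer's site and receives a one-time number."""
        account = self._accounts.get(username)
        if account is None:
            return None
        salt, stored, card_number = account
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        number = secrets.token_hex(8)  # unpredictable, so it cannot be guessed
        self._pending[number] = card_number
        return number

    def authorize(self, card_number, transaction_number):
        """Merchant submits card number plus transaction number; valid once only."""
        # pop() consumes the number even when the card does not match, so an
        # intercepted number cannot be retried against other card numbers.
        bound_card = self._pending.pop(transaction_number, None)
        return bound_card is not None and hmac.compare_digest(bound_card, card_number)

def demo():
    issuer = Issuer()
    card = "4000000000000002"  # constructed test value, not a real card
    issuer.enroll("alice", "correct horse", card)
    denied = issuer.issue_transaction_number("alice", "wrong password")
    number = issuer.issue_transaction_number("alice", "correct horse")
    first = issuer.authorize(card, number)      # legitimate purchase
    replay = issuer.authorize(card, number)     # same number presented again
    stolen = issuer.authorize(card, "0" * 16)   # card number without a valid number
    return denied, first, replay, stolen
```

A stolen card number alone fails authorization, and a transaction number captured from a completed sale is worthless because it was consumed on first use.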
The last model, the Visa Smart Card program, basically strives to emulate the ‘swipe’ of physical point-of-sale transactions combined with PIN number security. For these transactions, the card issuer must issue ‘smart’ credit cards loaded with microchips that can authenticate user identity. Of course, the consumer will also have to have a terminal connected to his/her PC in which to swipe the card. A PIN number then activates the credit card data locked in the smart card microchip.
Because each of these models requires passwords or PIN numbers, all provide relatively strong anti-fraud protection in cases where credit card numbers are stolen or hacked en masse. As a result, these security developments should go a long way in improving consumer confidence in the Internet as a viable, secure environment for transacting business.
Of perhaps greater significance to online merchants, the authentication protocols require more consumer data than current systems and the capacity to confirm cardholder identity is greatly enhanced. This means less fraud exposure and one very significant ancillary benefit: more and more chargeback liability will rest with the consumer – and this is very good news for those e-businesses suffering from damaging chargeback fees and exorbitant fraud levels.

1 comment:
Satisfied customers always visit and use your product/service. That’s the rule of the game for web businesses.
During the discussion about Online Transaction fraud and security, I would like to share my experience of an online transaction security service provider “TeleSign”. They offer security solutions to prevent compromise of online accounts. TeleSign’s phone-based two-factor authentication works with any phone and can be easily deployed worldwide. Visit http://www.telesign.com/products-demos/two-factor-authentication/ for more details about two-factor authentication product.