Having to get your credit card reissued after it has been used fraudulently is a major nuisance. According to Visa, that's becoming more common in Australia, in part because relatively few sites require additional authentication for credit card transactions online.
Picture by Christian Petersen/Getty Images
Speaking at the CA World Expo event in Sydney yesterday, Visa AP director of e-commerce Justin Roche said that Australia had an unusually high level of fraudulent transactions. "Australia, uniquely in the Asia-Pacific, did suffer over the last 12-18 months the predicament of being targeted by quite a few international fraud rings. Australia is becoming a target for a lot of fraud rings because we have high levels of online merchant capability high levels of credit but only a low level of merchants picking up 3-D Secure."
Visa's solution to this problem is its 3-D Secure authentication protocol, which requires card users to go through an additional security process, typically involving a password or other unique information. 3-D Secure is used for both Visa's Verified By Visa and MasterCard's SecureCode protection schemes.
My own past experience of both Verified by Visa and SecureCode was that they were terrible systems which ask you to sign up mid-transaction, often stuff up once you've done that and are often impossible to distinguish from phishing. My reaction to any site that requires their use is to see if I can find an alternative provider that's offering the same goods. If other consumers feel the way I do, there's potentially a big problem brewing.
Roche said that Visa's own research showed that the use of pop-ups in the initial implementations of 3D Secure has been off-putting. "Merchants were a little annoyed or frustrated when banks were asking people to enrol at the point of purchase. At that point in time, it really was inappropriate." It now recommends banks adopt a more nuanced approach, enabling the service by default for new sign-ups but only requiring it for existing accounts if there's a demonstrable security risk. Systems such as one-time passwords sent by SMS also make the approach more consumer-friendly, he said.
Do you feel safer when sites ask for additional authentication, or is it a nuisance? Share your thoughts in the comments.