Go Back   FlyerTalk Forums > Miles&Points > Credit, Debit and Prepaid Card Programs > Credit Card Programs
Sign in using an external account

Reply
 
Thread Tools Search this Thread
Old Nov 29, 14, 8:38 pm   #1
 
Join Date: Jan 2014
Location: San Diego, CA, USA
Posts: 1,377
CNP fraud: what will the US do after EMV?

The US is finally adopting chip and signature for the most part, with a few cards asking for PIN for nearly every transaction. Contactless might also take off in mobile phone form with the advent of Apple Pay. Neither of those things are going to take care of card not present/online fraud, however.

3D Secure is common in Europe. Some US cards used to support Verified by Visa/MasterCard SecureCode, but apparently don't any longer. This is causing problems for people who need to buy stuff from foreign websites. And since Visa/MC are killing off their 3D Secure implementations, it doesn't look like any future cards will have support for it.

So, what is the US going to do to reduce online fraud? Will we end up not adopting whatever Europe and the rest of the world go with? And what about in the meantime since VbV/SecureCode will probably still be around overseas for a while?
tmiw is offline   Reply With Quote
Old Nov 29, 14, 9:52 pm   #2
Formerly known as alexmt
 
Join Date: Nov 2012
Posts: 1,382
That Guardian article doesn't give any technical details. I imagine such 2FA existing within the existing 3-D Secure framework.
AllieKat is online now   Reply With Quote
Old Nov 29, 14, 9:57 pm   #3
 
Join Date: Jan 2014
Location: San Diego, CA, USA
Posts: 1,377
Quote:
Originally Posted by alexmt View Post
That Guardian article doesn't give any technical details. I imagine such 2FA existing within the existing 3-D Secure framework.
Potentially. Another possibility is that issuers simply don't bother implementing it for the US. They may want to see how far requiring CVV2 and using existing fraud prevention algorithms will take them, since that requires access to the physical card (much like how they consider lost/stolen fraud to be too low to make PIN worthwhile for EMV).
tmiw is offline   Reply With Quote
Old Nov 29, 14, 10:16 pm   #4
 
Join Date: Nov 2013
Location: United States
Posts: 354
The US is usually one of the last countries to implement this sort of stuff due to our fraud rates being traditionally lower than other countries. I'm not sure if this is the case with card not present transactions as well. Obviously the number of cardholders in the US is significantly larger than other markets as well.

I've sent an e-mail to Visa, Mastercard, American Express & Discover to see if any of them will officially comment. Visa has Visa checkout, which they are promoting heavily at the moment.

My guess is that they will come out with official offerings similar or the same to Verified by Visa and then do a liability shift to get merchants to sign up, much like they are doing with the EMV roll out.

I wouldn't expect anything anytime soon though, EMV is the security focus at the moment.
__________________
Did I miss something? Feel free to PM me.
Doctor of Credit is offline   Reply With Quote
Old Nov 29, 14, 10:24 pm   #5
 
Join Date: Jan 2014
Location: San Diego, CA, USA
Posts: 1,377
Quote:
Originally Posted by Doctor of Credit View Post
The US is usually one of the last countries to implement this sort of stuff due to our fraud rates being traditionally lower than other countries. I'm not sure if this is the case with card not present transactions as well. Obviously the number of cardholders in the US is significantly larger than other markets as well.

I've sent an e-mail to Visa, Mastercard, American Express & Discover to see if any of them will officially comment. Visa has Visa checkout, which they are promoting heavily at the moment.

My guess is that they will come out with official offerings similar or the same to Verified by Visa and then do a liability shift to get merchants to sign up, much like they are doing with the EMV roll out.

I wouldn't expect anything anytime soon though, EMV is the security focus at the moment.
IIRC merchants are always liable for CNP transactions. Visa/MC might shift liability to banks though if a merchant implements 3D Secure or something else. I'm kinda disappointed that we didn't go the built-in EMV reader in people's PCs route.

BTW, speaking as an online merchant PCI compliance has gotten stricter and stricter over the years. I recently had to turn on 2FA for SSH access to the system holding the client billing application, even though I don't store any credit card info myself (I use Authorize.net's CIM service and pass in an amount and client ID every month). 2FA is also required even though I blocked SSH access for all but a couple of locations that I frequent, which makes sense when you consider that one of those could be hacked.
tmiw is offline   Reply With Quote
Old Dec 1, 14, 4:42 am   #6
Used to be 'flymanbeast'
 
Join Date: Jul 2011
Programs: Delta DIAMOND ,Churner Extraordinaire
Posts: 2,150
My cards still do verified by visa i noticed
howtofreetravel is offline   Reply With Quote
Old Dec 1, 14, 10:15 am   #7
 
Join Date: Jan 2014
Location: San Diego, CA, USA
Posts: 1,377
Quote:
Originally Posted by howtofreetravel View Post
My cards still do verified by visa i noticed
Last time I used a Chase card at newegg I think a VbV box did appear but it immediately closed itself without asking for anything from me or letting me sign up.
tmiw is offline   Reply With Quote
 
 
Reply

Bookmarks


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 10:32 pm.