- This topic is empty.
August 18, 2015 at 2:41 am #992594::
Recently I saw an article in the editorial section which talked about how small businesses get affected during charge-backs. This is when fraudsters use someone else’s credit card to make a purchase, you as a business send out the goods. And then when the owner of the credit card realises that they’ve been charged for something they didn’t buy, they contact the their financial institution and issue a charge-back without even asking you. So you’ve sent out the goods, you’ve lost the money and you have some information to go with which may or may not even be true.
What if, there was a system which allowed you to get the user to verify their details online. The system then gives you the merchant a result saying that an individual with this first name, middle name and last name has been verified (in order to get verified they would have had to give details like their driver’s license, current residential address, date of birth which the system would then match against known government databases) and then you as the merchant just ensure that the card holder’s name is the same as the name which was verified.
So even if a fraudster gets their hands on someone else’s credit card, if they can’t prove that they’re the other person by providing their details (which they’ll unlikely have), then it should allow merchants to do so.
There are convenience down falls of course which is why merchants have to be careful which transactions they want to use it on. If there are merchants who have accounts which you log into, have an associated credit card which you make payments with, the system can be used there where the account gets verified and then when the credit card details are entered, it should make sure that the card holder’s name is the same or similar to what was verified.
I’m not saying this will prevent charge-backs. Nor will it prevent frauds situations where fraudsters were able to gain access to a user’s personal details, get 100% verified and then use their card details. But it will give merchants more information to go on than just a postal address (which in fraud situations I believe is the only true piece of information).
Let me know what your thoughts are on this.August 18, 2015 at 3:10 am #1187081Hatching_ItMember
- Total posts: 414
Great idea Prathamesh,
Unfortunately we’re likely to never see this in Australia though. AVS (address verification service) exists in other countries but not in Australia due to our privacy laws (and that system only verifies the digits in your address, it’s far less invasive than your suggested solution)August 18, 2015 at 3:37 am #1187082::
No No. We’re already doing online verification where we collect name, dob, residential address and driver’s license amongst other things if necessary to verify an individual online. So it’s a system which most definitely exists. Right now we’re using it to verify individuals who secure funds with us. Once again we do this to prevent fraud but actually is a requirement for us under AMLCTF.
I was just thinking of seeing if there are charge back problems in the online selling industry in Australia, would merchants like to use a system (which we can make in the form of an API or off-loaded system) to first verify their purchasers for high risk transactions?
And we do this verification for Australian customers. So there’s definitely no technical limitation.August 18, 2015 at 5:10 am #1187083::
Sounds great, but like Macclean says there are privacy issues providing this to each merchant, plus just how much extra time, effort and expense will there be involved in accepting transactions, if this type of verification has to be gone through first.August 18, 2015 at 5:21 am #1187084::
Hi Bert ..
You’re right when you say that there is extra time taken to complete the transaction and hence it’s usually up to the merchant providing the facility to make the call. They can probably limit it only on transactions which they feel are high value or high risk.
Say for example a payment comes through on their terminal for some products. If the merchant wants, they can ask the purchaser for security purposes to quickly verify their details before they ship the products.
And if the basic steps are taken
1. The verification service runs on an encrypted link
privacy issues shouldn’t be a problem.August 18, 2015 at 6:58 am #1187085::
ok, so you left out a response to my expense question?
I always like it when companies say privacy issues aren’t an issue, than next week there is some big story how they accidently let out a heap of private information, or had there super duper ultra secure facility hacked, yes it does happen.
So based on your scenario, I get an order through at 10PM at night, obviously I don’t process it straight away (we do take a break sometime), so next day I go to process it, I decide its high risk (not sure on the criteria but I will decide). Go back to the client, who by now is tucked up in bed, so its another day before all the verification happens. Sounds good to me.August 18, 2015 at 11:14 pm #1187086::
Sorry. Read through your response a bit quickly there. Apologies.
I think it was also because, it’s not a real independent product that we currently have, but I just wanted to see it’s application first. If I were to give an estimate, I’d say in the realms of $5.00 to $8.00 per customer.
In relation to the scenario you mentioned, you’re absolutely right. Because of the alignment of events, there would be a delay in getting the verification done. But since it’s an online verification, it can be done by the client at their convenience and doesn’t require them to call inside office hours etc. which usually is the reason for most delays (which used to be the problem for us before we built our electronic verification system).
And it’s purely on the risk assessment on part of the merchant. I’m already aware of the negotiations involved in getting clients overboard and you’d want to keep them happy as much as possible. So don’t take me wrong.
It’s just an idea for a tool that if possible can be used to give an added layer of security.
But do continue to find flaws in the idea. It really helps in thinking it the whole way through.August 19, 2015 at 1:45 am #1187087Hatching_ItMember
::checkvault, post: 219232, member: 64474 wrote:privacy issues shouldn’t be a problem.
- Total posts: 414
I think you need to research this some more
You can’t verify if the details are actually valid, you can only cross reference them against your own database (which isn’t guaranteed to be correct)
This is what companies like ACI, Riskify, Kount etc do.August 19, 2015 at 2:23 am #1187088::
The cross referencing happens against government databases which our system has access to. And these databases cover Australian Electoral Role, DVS (Driver’s license checks), Medicare, Passport etc. a combination of which are used by the individual to cross the electornic safe harbour after which we’re assured that the individual on the card is the individual making the payment.
But that’s the talk we have in our office right now is to have an identification network.
I also learnt about 3d-secure (look it up) which is used by some merchants to make the individual confirm their identity before they can make the payment. But I’ve seen it and it’s rigid, outdated and there’s even instances where the real individual cannot pass the questions so it makes it even harder.
So yea, that’s what I currently have in mind.August 19, 2015 at 5:30 am #1187089::checkvault, post: 219253, member: 64474 wrote:But do continue to find flaws in the idea. It really helps in thinking it the whole way through.
Not looking for flaws, looking for reasons why I would use this service in one of my business’s,
I guess you still haven’t satisfied me why your security is better than others who have being successfully hacked. Its like some of the cloud systems running around saying our security is as good as bank security, therefore we are good. Banks have being hacked.
Plus on the time delays, in a lot of industries, the idea is sign up people while you have them on a hook, let them go away to do verification, scratch their nose or whatever, and they come to their senses and think why am I buying this $1M Lamborghini, I would be better of with the roller down the street. Ok, so I have one of each but that’s a different discussion.
But seriously, I remember a scenario, where a real estate agent had me ready and willing pen in hand to buy a very expensive property, but for reasons only known to himself he cancelled the 8PM appointment, and reschedule for 8am the next morning, the stock market crashed in those 12 hours, and he lost a sale.August 19, 2015 at 6:34 am #1187090arrowwiseMember
- Total posts: 641
The banks could invest significantly more to develop a lot more fancy systems and checking mechanisms to protect the merchant more and just about eliminate the chance of chargebacks in most cases. For some reason in this country they choose not to, to the point that its is profitable for them to allow charge backs to happen and charge a fee to process them etc.August 19, 2015 at 10:53 pm #1187091::
I know there are certain situations where you as the merchant may face difficulty in getting your clients to use such a system. The end goal is to minismise if not prevent charge backs from affecting businesses. And at the same time making the process as seamless and easy as possible.
It’s always been a challenge to provide security and a seamless and easy experience at the same time. And it’s in that effort that I’m trying to see what can work.
And Steve, sometimes I feel it is important that we take certain things into our control rather than rely on really large institutions (banks, government) to do so. If they do, that’s well and good, everyone will benefit.. But how high is it on their priority list, we can never know. And if we take it into our own hands, it’s a business opportunity.August 20, 2015 at 2:36 am #1187092arrowwiseMember
- Total posts: 641
Yes Prathamesh there is a potential business opportunity. Outside having the physical in person signature with the card, no one seems to have cracked the code to give guaranteed fraud protection to the merchant. If you can crack this quote and be able to sell such a solution you could be on winner.
- You must be logged in to reply to this topic.