Visa Upgrades Its Web Authentication

3D Secure requires customers to submit password; technology to save money, reduce credit card fraud.

Authentication technology being adopted by Visa USA in its 3D Secure payment system will make the checkout process at e-commerce sites more secure for online shoppers and businesses.

While this may force consumers shopping at Web sites to sacrifice some convenience, it likely will reduce some of the financial burden that e-tailers shoulder as a result of credit card fraud.

Based in part on Arcot Systems Inc.s TransFort payment authentication software, 3D Secure enables card-issuing banks to confirm a card holders identity to an online merchant during the checkout process.When a shopper on a PC or a Wireless Application Protocol-enabled phone is ready to check out, the Arcot technology launches a pop-up screen where customers are required to enter a password after they enter their credit card information. The password is authenticated, not by the site, but by the bank that issued the customers Visa card, before the transaction can go on.

The role that Arcot, of Santa Clara, Calif., plays in the architecture will be announced this week.

MasterCard International Inc., of Purchase, N.Y., is expected to announce a similar customer authentication service this week at the CardTech-SecurTech show in Las Vegas. A company spokeswoman declined to comment on how the specifics of the service compare with Visas 3D Secure.

Credit card fraud is a greater problem for online merchants than it is for retailers in general, according to San Francisco-based Visa. The credit card company said that while just 6 cents of every $100 spent with Visa cards as a whole is fraudulent, that number jumps to 24 cents for Web transactions.

The new authentication process will be offered to fraud-wary consumers initially on an opt-in basis, but by 2003 Visa intends to require all card holders to establish a password to be used in the authentication process, a Visa official said. Web sites will not be required to employ the authentication process, though some say they intend to.

"Credit card frauds not a big problem for us, but we think our customers will love the added security," said Randall Oliver, spokesman for Tickets. com Inc., a Costa Mesa, Calif., company that sells tickets to sporting and entertainment events. "Its one more screen theyll have to deal with, but were talking a matter of seconds that itll add on. We dont think itll be a significant added burden for them."

Not all sites are sold on 3D Secure, though. Rich Secor, CIO of educational toys e-tailer Inc., pointed out that password protection, while better than nothing, is not a terribly strong form of security. But authentication could prompt more customers to order online rather than through a more expensive call center, said Secor, in Needham, Mass. Still, he said, 3D Secure wont necessarily solve this e-commerce conundrum. "My feeling is that most people who are frightened enough of putting their credit card number in an order-entry form on the Web wont feel much better about putting in their password," Secor said.