Dueling Payment Systems

Visa, MasterCard take different approaches to authentication.

Online merchants could face integration hassles as they deploy forthcoming and competing credit card payer authentication technologies from Visa USA and MasterCard International Inc.

The technologies, Visas Verified by Visa, due in widespread use this fall, and MasterCards Secure Payment Application service, due next year, take distinctly different approaches. Visa performs authentication on the merchant site, while MasterCard handles it on the customers PC automatically, using a previously downloaded applet.

As a result, merchants that accept credit cards will be required to support two authentication mechanisms.

Furthermore, some observers speculate the companies respective systems may be no more successful in gaining market acceptance than the ill-fated SET (Secure Electronic Transaction) authentication protocol, a protocol spearheaded by Visa and MasterCard.

Visa sweetened the bait for its system last week when it announced that online merchants using Verified by Visa will have no liability for any transactions processed by the service. This fall, the San Francisco-based company plans to launch a marketing blitz when it makes the service available to consumers. A handful of Web sites have already installed the server software.

Verified by Visa, also known as Visa Payer Authentication, authenticates credit card users with a password and requires no client software. MasterCards Secure Payment Application service, which the Purchase, N.Y., company will pilot in April, also uses a password or PIN and requires an applet for authentication.

MasterCard and Visa, which formerly cooperated, now find fault with each others approaches. Visas service, for instance, will extend transaction processing times, take customers off the merchant sites for authentication and require complex integration. MasterCards service, Visa countered, amounts to a digital wallet, which consumers have been loath to use.

About the only thing MasterCard and Visa seem to agree on is that SET, which was launched in December 1997, was a failure. SET required long download times for customers, used clumsy digital certificate technology, and created integration hassles for merchants and banks that issued the credit cards. It had all but faded away by late 1998.

But with Visa and MasterCard now going separate ways, some merchants see little reason to try authentication technology.

"Were not really interested [in the Visa or MasterCard systems], not right now," said Kanth Gopalpur, vice president of e-commerce at Djangos Music Corp., of Portland, Ore., which sells music and movies online. "Youre creating another layer of complication. Once [customers] go through the trouble of giving you their credit card number, now they have one more password to remember."