Nov. 26, 2012
With the fabled Cyber Monday shopping frenzy under way, Visa Inc. launched an authentication tool for online transactions intended to cut fraud while reducing the risk of shopping-cart abandonment.
The tool, which Visa calls its Consumer Authentication Service, can be deployed by any Visa issuer starting on Monday. The network has been running the service on a test basis with a few issuers for the past couple of months.
It is available as a cloud-based service and works with both PC-based and mobile e-commerce transactions at a time when mobile devices are said to account for an increasing share of online volume. For example, handsets and tablets, led by the Apple Inc. iPad, accounted for more than 16% of online sales on Black Friday, the day after Thanksgiving, up from 9.8% last year, according to data from IBM Corp.
The new Visa service allows issuers to determine transaction risk as the customer starts the checkout process. Transactions deemed low risk may be allowed to proceed without passwords or other authentication methods. Risk factors the service considers include the type of device in use, information about the transaction, and the consumer’s historical spending pattern. The system generates a consistent score, but issuers can set their own tolerances down to the account level, says Mark Nelsen, head of risk and authentication product development at Visa.
By letting low-risk sales proceed immediately, the service intends to cut down on the extra steps that can cause a consumer to walk away from a transaction, Visa says. For example, Visa Consumer Authentication Service works with Verified by Visa, a 10-year-old authentication system that requires consumers to enter a password on a pop-up screen before proceeding with checkout. While merchants have complained that the extra step drives away customers just when they’re clinching a sale, Visa says the new service will confine the Verified by Visa process to high-risk transactions only.
How many transactions could be spared the extra vetting will vary by issuer, but “we think it can be significant,” says Nelsen. He points to data indicating that on average around 90% of transactions qualify as low-risk among Visa issuers, meaning that the volume of false positive results of a risk-vetting routine would be too high to justify running the routine. While the actual number will vary by issuer, that implies that only around 10% of transactions could require authentication. This stands in contrast with the typical practice with Verified by Visa , which is to run it on 100% of online transactions. Data on how many issuers and online merchants have adopted Verified by Visa were not immediately available.
“Traditionally, Verified by Visa did create quite a lot of friction,” says Nelsen, who adds Visa’s objective with the new service was to “get risk intelligence into the authentication space” to improve risk reduction while cutting abandonment. “Our key objective is to reduce as much as possible the number of times an issuer has to ask for additional authentication,” says Nelsen.
Visa Consumer Authentication Service. supports other so-called Three Domain Secure (3-D Secure) systems besides Verified by Visa, such as SecureCode from MasterCard, as well as other authentication technologies such as one-time passwords and hardware tokens, Visa says. Issuers need not install software to use the service and can get started by supplying the network with their bank identification numbers and the types of authentication they want to run, Nelsen says. Pricing for the service depends on a number of factors, Visa says, without being more specific. Issuers should contact their account executives at Visa for more information on pricing, the network adds.
SPECIAL FEATURERead Digital Transactions Online