We’ve all mostly likely come across a Verified by Visa box that appears during the checkout process, but being able to explain what that is, and how it works, well, that’s a different story.
Making online payments is more popular than ever before, and it’s becoming increasingly important to protect yourself (and your customers) from fraudulent transactions. Utilising Verified by Visa is one way to add an extra layer of security to such transactions.
In this article, we’ll talk about what it is, how it works, and how to use 3D Secure to ensure the best possible security for online transactions.
So, without further ado, let’s delve deeper behind the scenes of the online checkout process!
What is 3D Secure?
3D Secure (3-domain structure) is a security protocol that helps prevent fraudulent online credit and debit card transactions. This additional level of security was first implemented by Visa, and soon followed by Mastercard and American Express. The have since branded as Verified by Visa, MasterCard SecureCode and SafeKey respectively.
The three Ds in 3D Secure stands for three domain severs. This means there are three parties involved in the verification as follows:
The merchant – e.g. Tesco, Topshop, Starbucks, etc.
The acquiring bank – Halifax, Lloyds, Barclays etc.
The card issuer – Visa, Mastercard, American Express etc.
In general, 3D Secure systems provide an additional layer to usual online payment protocols and deliver enhanced card security checks.
In practice, if you’re ready to pay for something online, you’ll be redirected to your debit or credit card provider’s 3D secure page on their website. You’ll then be asked by your provider to enter a password or an authentication code. Once the correct details have been entered, the payment will be approved by the card provider and you will be directed back to the original website.
Of course, how 3D Secure systems work, and what they require of the customer, varies between each service.
For now though, let’s take a look at the main focus of this article – Verified by Visa.
What is Verified by Visa?
As we’ve mentioned earlier, Verified by Visa is the 3D Secure service from Visa. Launched in 2001, it is an advanced anti-fraud tool Visa offers to businesses – and likely the most well-known fraud prevention service in the UK.
It’s there to provide extra piece of mind for online shoppers and to provide protection from fraudulent card transactions at its member websites in Europe.
So, let’s get down to the nitty-gritty and explore how Verified by Visa actually works.
How does Verified by Visa work?
The simpler answer goes like this:
The customer enters their Visa card details which triggers the Verified by Visa protocol to whizz into action.
Next, a message box pops up, asking the customer for additional security information. This is usually by way of their Verified by Visa password, or an authentication code sent to their phone.
If the information provided matches up, the transaction goes ahead as normal. However, if something doesn’t match up/the information is entered incorrectly, the transaction will be declined.
For those looking for a little more detail, the Verified by Visa process is a little more in-depth than the above.
So, here’s how it works according to Visa:
The cardholder inputs their Visa payment details.
The merchant’s 3D Secure service provider packages the message with the transaction information and delivers it to the issuer via authentication request.
The transaction is then risk assessed. Low risk = no further customer verification is required. High risk = the cardholder will be prompted to verify their identity by providing a password or one-time authentication code.
The issuer sends the authentication result to the merchant.
The merchant then submits the transaction for authorisation, flagging up the authentication result.
So, there you have it. That’s how Verified by Visa actually works.
Now let’s move on to what customers think about that added layer of security…
Does Verified by Visa harm conversion rates?
When Verified by Visa originally launched, consumers weren’t too impressed. They were either spooked, thinking the extra step was a fraudulent process, or they simply couldn’t remember their password. This caused many to abandon transactions at the final step – the worst thing that can happen for online merchants.
The hard part – attracting visitors to their website and persuading them to buy something, was in the bag. But the final payment was not. And all because of a pesky verification box during the checkout process. The potential client disappeared.
This confusion, and reduction in customers for some merchants, led to a sharp drop in conversion rates – and many merchants chose to offer PayPal as an alternative.
Youch.
However, that’s all in the past and the Verified by Visa process is now much more user-friendly. Instead of a dodgy pop up window, it’s integrated into the payment page. It’s become a part of the checkout process rather than a confusing add-on.
The risk assessment process also means that not all transactions will be subject to extra checks. In fact, less than 5% of transactions where 3D Secure could be applied are actually put through the 3D Secure checks.
Customers are also way less likely to abandon ship with these refinements.
Will PSD2 affect Verified by Visa?
The EU Payments Services Directive (PSD2) came into force in January 2016. It brings in new laws aimed at improving consumer rights and enhancing online security.
The PSD2 directive will require Strong Customer Authentication when either the customer card issuing bank or the merchants card issuing bank is within the European Economic Area.
It allows merchants to retrieve customers account data from their bank – with their permission. That means when the consumer buys something, they can make the payment for you, without having to redirect you to another service (like Visa).
Perhaps most notably, the PSD2 includes a mandate to perform Strong Customer Authentication (i.e. two-factor authentication) before the initiation of a payment. The guidelines also require the use of a ‘one-time-password’.
Is Verified by Visa compliant with the PSD2 requirements?
So, the big question – does Verified by Visa meet the PSD2 requirements or will online merchants look to to take their business elsewhere?
According to Visa, Verified by Visa is fully compliant:
“Visa supports the PSD2 requirements for Strong Customer Authentication (SCA), and Visa’s
3D-Secure (3DS) programme supports PSPs to be PSD2 compliant. 3DS, along with our new
products, programs and positions that are outlined in this paper, are in line with Visa’s vision
for secure, compliant, advanced and convenient electronic payments, and aim to deliver a
good balance between security and consumer convenience.”
It’s worth noting that there are some exceptions to the SCA, enabling the use of “alternative methods of authentication.” Namely; the transaction is under 30 euros, or the transaction is deemed as low-risk after a risk assessment.
Given the current Covid-19 crisis, the Financial Conduct Authority (FCA) have agreed to delay the enforcement of a Strong Customer Authentication (SCA) until 14 September 2021. This means UK issuers are not required to decline non-compliant transactions prior to this date.
In the meantime, you can read Visa’s PSD2 Implementation Guide here.
Have your say
There’s no doubt that Verified by Visa offers greater protection against the unauthorised use of your card for online purchases. But, if you don’t like the service, you simply won’t use it. And that’s what matters to merchants.
So, let’s start a conversation. What do you think about Verified by Visa? Do you like the additional security or is too much of a hassle? Let us know!
