While most credit card companies are waiving cardholder liability for
fraudulent online purchases, the fact remains that using a credit card on the
Internet has risks. The problem is not conducting a credit card transaction on
the Internet; it's what happens after the online order has been fulfilled.
Some online merchants maintain databases on customers that store personal
information such as credit card account numbers. A few very smart hackers have
broken into these systems and captured the confidential cardholder information.
The largest payment system in the world is now tackling the problem head on.
This month VISA launched several security initiatives to protect cardholder
data.
The initiatives are part of the VISA Secure Commerce program.
In October VISA adopted new consumer protection policies that state that in the
event of a valid transaction dispute, when the cardholder has made every effort
to settle the dispute with the web merchant but is still not satisfied, the
card issuer must provide a refund. VISA also adopted a series of new security
standards for e-merchants who maintain customer databases that contain
cardholder data. Among the new standards: restricting access to data on a
need-to-know basis; assigning each person a unique identity to be validated when
accessing data; tracking access to data, including read access, by each person;
and encrypting data maintained on databases or files accessible from the
Internet. VISA also warns e-merchants not to use vendor-supplied defaults for
system passwords and other security parameters. By mid-2001, online merchants
that accept VISA-branded cards must have VISA’s data security requirements in
place.
To monitor compliance VISA has formed an alliance with Internet Security
Systems to verify that e-merchants and ISPs meet VISA’s online data security
requirements in order to protect cardholder data from hackers. ISS will provide
routine vulnerability monitoring through a remote, managed security service
that utilizes mock attempts to compromise merchants’ networks, systems and
databases. During these mock hack attacks, ISS will check hundreds of
vulnerabilities related to external hacking as well as hundreds of security
risks from within the merchant organization. As routine security assessments
are performed, ISS will provide detailed summaries of security risk exposures
and prioritized compliance information to minimize security risks.
VISA also announced this month another initiative whereby it will provide a
payer authentication service to enable card issuers to confirm their
cardholder’s identity to the merchant during the virtual checkout process. This
will be accomplished by using a password that the cardholder
registers with his or her card issuer. VISA is pilot testing the service at
select merchants and will expand payer authentication participation throughout
2001, with a goal of reaching the top 100 online shopping sites. Once the “buy”
button is clicked, the authentication process creates a window to confirm the
cardholder’s identity by requesting the registered password (stored only at the
card-issuing bank) and then transparently passes a notice of authentication
from the card issuer to the merchant. Incidentally, the payer authentication
process was designed to take advantage of the data storage and processing
capabilities of the recently announced smart VISA cards.
American Express and MasterCard are also addressing the online issue. In
September, American Express introduced Private Payments. Under the AmEx
program, customers are able to purchase online without transmitting their
actual card account number over the Internet. When a cardholder is ready to
make an online purchase they simply go to the AmEx Private Payments web site. This
launches the service, which then prompts them for user name and password, and
to select the AmEx card they want linked to the Private Payments number. A
unique Private Payments number with expiration date is then randomly created.
The cardholder's actual card account number is not sent over the Internet. The
Private Payments number is designed to be used for a single purchase and to
expire after the merchant authorization process is completed. MasterCard says
it offers a number of virtual account number and pseudo account number programs
to its members. These include the Virtual MasterCard Program, as well as pseudo
account number systems available from third parties such as Cyota.
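
The single-use number scheme described above, as an added sketch (not code from American Express, MasterCard or Cyota): the issuer keeps the mapping to the real account, and the merchant only ever sees a number that expires on first authorization. The class name, the `999999` prefix, the account reference and the 15-minute lifetime are assumptions made for illustration.

```python
import secrets

def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a digit string that does not yet include it."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # these positions get doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

class SingleUseNumberIssuer:
    """Issuer-side vault (hypothetical): single-use number -> real account reference."""
    PREFIX = "999999"           # constructed placeholder, not a real issuer range
    TTL_SECONDS = 15 * 60       # assumed lifetime of an unused number

    def __init__(self):
        self._vault = {}

    def issue(self, account_ref: str, now: int) -> str:
        """Create a random, card-shaped number linked to the cardholder's account."""
        while True:
            body = self.PREFIX + "".join(secrets.choice("0123456789") for _ in range(9))
            number = body + luhn_check_digit(body)
            if number not in self._vault:
                self._vault[number] = {"account": account_ref,
                                       "expires": now + self.TTL_SECONDS,
                                       "used": False}
                return number

    def authorize(self, number: str, now: int):
        """Return the real account on first valid use; None if unknown, expired or reused."""
        entry = self._vault.get(number)
        if entry is None or entry["used"] or now > entry["expires"]:
            return None
        entry["used"] = True    # the number expires once authorization completes
        return entry["account"]

if __name__ == "__main__":
    issuer = SingleUseNumberIssuer()
    n = issuer.issue("acct-001", now=1000)          # constructed account reference
    print(n, issuer.authorize(n, now=1010), issuer.authorize(n, now=1020))
```

A number copied out of a merchant's customer database after the order is fulfilled fails the second `authorize` call, which is the exposure the opening of this article describes.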
The bottom line is: merchants are frustrated taking credit cards online since
they are eating the lion's share of fraudulent credit card purchases and
consumers are nervous sending their confidential information over a global,
open computer network. The killer solution must be found soon.
DIRECT MAIL TANKS
Response to direct mail credit card solicitations hit a new low this year.
During the second quarter of 2000 nearly one billion card solicitations were
mailed in the U.S., producing a nationwide response rate of 0.4%. The second
quarter's mail volume represents the highest quarterly amount ever mailed with
79% of all households in the U.S. receiving at least one card solicitation.
According to BAIGlobal's Mail Monitor tracking service, the top ten card
issuers in the U.S. accounted for 91% of all mailings during the quarter,
slightly higher than the second quarter of 1999. Despite the low response rate,
issuers still netted a total of 4 million credit card applications from their
direct mail efforts during the second quarter because of the unusually high
volume of mail. This was a 14% increase over applications generated by mail
solicitations in the second quarter of 1999. Mail Monitor also found that 7% of
consumers during the second quarter reported applying for a credit card online.
UNBANKED & UNCARDED
How many adult Americans do not have a bank account or a credit card? While
the guesstimates range wildly, the consensus seems to place the figure around
30 million for the unbanked and 50 million for the uncarded. The latest issue
of Economic Quarterly, a publication produced by the Federal Reserve Bank of
Richmond, estimates that 15% of American households do not own a checking
account. The FRB research found that most low-income individuals forego
checking account ownership due to cost. Rather than paying account fees, many
cash their checks for free at banks and grocery stores and pay bills with cash
or low-cost money orders. Surprisingly, the FRB found that few regularly use
costly check-cashing outlets. With approximately 24% of American households
without a credit card, the U.S. market for the uncarded has been the most
dynamic area of growth in the credit card business today.
CLICK OR LICK?
Americans appear to be ready to begin paying their bills electronically.
However, an overwhelming percentage of consumers refuse to pay $5-$10 monthly
fees for this option. According to a new study by NFO Interactive, 69% of a
representative online sample indicated that they have been offered access to an
online payments service. Sixty-two percent of respondents overall said that
they thought the service was useful. More than three quarters of respondents to
the NFO study said they would not be willing to pay $5-$10 per month for a
service of this type. However, 26% of respondents under age 50 said that they
would be willing to pay a modest fee for this type of service. Three out of ten
respondents who earn over $50,000 per year stated that they would be willing to
pay $5-$10 per month for an EBPP service. NFO says most consumers will weigh
the cost of postage against EBPP fees.
ONLINE PULSE
Online buying continues to increase as the number of people coming onto the
Internet grows. A new study by Harris Interactive shows there were 45.1 million
browsers (online information gatherers and offline buyers) during the second
quarter and 30.3 million online buyers. For 3Q/99 there were 48.5 million
browsers and only 19.4 million buyers. Harris says more and more online
shoppers are choosing to stay online to make a purchase rather than browsing
online and going offline to a bricks & mortar store to buy. Consistent with
this trend, Harris Interactive data also show that the ratio of online to
offline spending is decreasing over time. In 10 of 12 vertical markets
tracked by Harris Interactive e.commercePulse, fewer dollars were spent offline
(as a result of online shopping) per one dollar spent online. Using Harris
Interactive's Web-based technology, the survey for the second quarter of 2000
was conducted online with 97,633 adult online users at three different periods
over the course of the quarter. The survey covered 266 e-commerce Web sites in
13 vertical markets.