Choke Point: Preventing Credit Card Fraud

In the struggle to prevent fraudsters from turning stolen credit cards into cash online, retailers are the country's last, best defense

The programs are known, individually, as Verified by Visa and MasterCard SecureCode. The idea is that a cardholder signs up for the card-protection service with her credit card company, picking an extra password to authenticate herself online. Then, whenever she completes a transaction with an online merchant that has also signed up for the service, a third-party authenticator asks for the passwordâ¬ideally, as a seamless part of the checkout process.

"If you don't know the password, you can't use the card," says Steve Javery, CompUSA's director of e-commerce, development and integration.

The way it works is through a software package called 3D Secure, which hooks into the merchant's order processing and does the confirmation for both programs. Javery is a pretty good, if unofficial, spokesman for Visa. He says the implementation cost was low. "It took just one developer less than a couple weeks to get this up and running and tested and deployed," he says, noting that the system paid for itself in "a short time frame" and did not increase the number of shoppers who abandoned their shopping carts.

The payoffâ¬beyond lower fraud ratesâ¬is exactly what merchants have been clamoring for for years. According to Visa, retailers who sign up for Verified by Visa get a 5 percent to 10 percent reduction in the rate they pay to process all Visa transactions that involve a consumer credit card or debit card. (MasterCard declined requests for an interview.) What's more, if the customer enters the Verified by Visa password, the liability for that transaction shifts to the bank that issued the card if it turns out to be fraudulent.

Right after the holidays, MasterCard announced similar incentives; merchants who support SecureCode will be eligible for rates that the company describes as "comparable to those for face-to-face transactions," or up to 16 percent lower than previous rates.

Avivah Litan, vice president and research director at Gartner, has been watching the situation for years, and she is heartened by the card associations' taking on more risk. "Before, it was every online retailer on their own when it came to online commerce fraud control, and they were all duplicating their efforts," Litan says. "It was extremely decentralized and extremely inefficient. But places like Citibank and Bank One have spent hundreds of millions of dollars protecting against fraud over the past years, and they've gotten really good at it. You're just shifting the liability around, but if you can shift it to someone who can fight it effectively, we're much better off."