Visa Offers Security Spec for E-Transactions

Banks, retailers begin installation of payment tech

Teaming up with more than 60 technology vendors, Visa International Inc. has rolled out a new technical specification to support payment authentication services for online credit card transactions worldwide.

Foster City, Calif.-based Visa International's new 3-D Secure 1.0 specification puts a global spin on payment authentication capabilities that Visa's U.S. operations detailed in May. But at least one industry analyst criticized Visa's specification, saying that it and others like it used technology that was "lying around the shop" and that it could be a lot smarter.

Front-End Limitations

The technology lets consumers buying items online authenticate their identities with passwords or personal identification numbers through windows that pop up after their credit card numbers are entered.

Cardholders can use traditional Visa cards or smart cards at the electronic storefront. But that's where the smart-card technology stops - at the front end. Analysts said the system could go further by allowing card-issuing banks to tie that information into relational databases that could, for example, add frequent-flier miles based on a rewards program to the card's memory.

"I wish that [Visa and MasterCard] and American Express and Discover would take chips seriously and use it for the security it offers," said Theodore Iacobuzio, an analyst at Needham, Mass.-based research and consulting firm TowerGroup.

IT managers at hundreds of banks and retailers will now be faced with installing the new specification during the next 18 months.

Tickets.com Inc. in Costa Mesa, Calif., decided to jump on board Visa's new authentication network because the company believes the specification gives customers better security than chief competitor and market leader Ticketmaster.

"When you talk to customers about their biggest concern over conducting transactions on the Internet, security comes out as their No. 1 major concern," said Andy Donkin, president of Tickets.com's Internet ticketing group.

Mark Redding, vice president of Web development at Tickets.com, said he spent two weeks configuring his Web servers for the new specification and had a "few issues" with that end of the implementation. But, he added, "the coding literally took less than a week."

Oliver Althoff, a spokesman for Fleet Credit Services in Boston, said the installation difficulties on the back end depend entirely on a financial service company's existing network. For Fleet, which has a robust customer service network, it was an eight-month process that included adding Web servers both on- and off-site for redundancy and backup capability.

"We had some significant expenses around the smart-card technology, but we had a robust servicing platform that we were able to piggyback on," Althoff said.

Randi Purchia, an analyst at AMR Research Inc. in Cambridge, Mass., agreed with Iacobuzio that the technology Visa is using is nothing new. Merchants will be quick to adopt it because verifying the cardholder's identity promises to cut in half the number of chargebacks, or failed purchase attempts, they currently experience, Purchia said.

"I'd agree that the smart-card solution is the place where this is all heading," Purchia said. "It's just not moving as fast as we would hope."

1by1.gif

Giving Credit Where It’s Due

A sampling of vendors that contributed to Visa International’s authenticated payment system:

red_bullet.gif
Accenture
red_bullet.gif
Cap Gemini

Ernst & Young

red_bullet.gif
Ericsson
red_bullet.gif
Go Software
red_bullet.gif
IBM
red_bullet.gif
iPrivacy
red_bullet.gif
Microsoft
red_bullet.gif
Motorola
red_bullet.gif
Oasis Technology
red_bullet.gif
Oracle
red_bullet.gif
Schlumberger Sema
red_bullet.gif
SkyGo
red_bullet.gif
Sonera SmartTrust
red_bullet.gif
Sun Microsystems
red_bullet.gif
Toshiba
red_bullet.gif
Unisys

Copyright © 2001 IDG Communications, Inc.

  
Shop Tech Products at Amazon