Visa has updated its Verified by Visa service to bring it up to date with the new era of e-commerce. The changes to Verified by Visa and the associated Three-Domain Secure service mean that it will be even more secure. It will also be more convenient, not just for customers, but for financial institutions as well.
During the early days of e-commerce, merchants and banks did not have very much in the way of resources for ensuring that the person who was attempting to make a payment was the cardholder. The 3-D Secure and Verified by Visa services make it possible for consumers to authenticate themselves to their bank while not passing the information to the merchant. So even if the merchant’s site was hacked, an attacker would not have all of the details required to perform fraudulent credit card transactions.
Today, the Verified by Visa service performs a number of risk-based checks, looking at shopper behaviour to decide whether a transaction is likely safe. It looks at whether the shopper has bought from a service before, whether the device is located in an area where the cardholder typically spends time, whether the device is one that the shopper has made purchases from in the past, and whether the merchant is one that usually produces authentic transactions. Based on these checks, the company can either allow the purchase to go ahead without further checks, or request more information.
The original Verified by Visa system relied on a password, but there is too much risk of that being forgotten. The new system relies on sending a dynamic passcode to the shopper’s device via SMS or email. The user can then enter that to prove that they are who they say they are.
This, along with changes to reduce enrolment vulnerabilities, should make the system easier and more convenient for everyone. These changes will be accompanied by changes to 3-D Secure, to deploy a new standard that will give issuers access to more information to help ensure that legitimate transactions are not declined. The new 3-D Secure 2.0 standard will offer better integration, so that shoppers can enjoy a seamless checkout experience.
The full specifications will be made available later this year, and Verified by Visa hopes that static password authentication will have been eliminated in Europe, the Middle East, Africa, and Asia Pacific, by October 2018.