3-D Secure

3 -D Secure is a procedure that is used for additional security for online credit card transactions. It was developed by the VISA credit card organization and is offered under the name Verified by Visa. Under the name MasterCard SecureCode MasterCard also offers this service. With 3- D Secure the risk of fraud and failure to pay by card abuse should be reduced. In addition, the receipt of payment is the shop owners that use 3-D Secure, guaranteed.

Function

The buyer initially one his VISA or MasterCard credit card number. Thereafter, a connection is made to the card issuer so that the buyer confirms his identity using a code therein. Was the authentication is successful, the credit card payment is executed.

As the authentication is performed exactly, is not defined in the Protocol and depends on the card-issuing institution. Often, static passwords are used. For example, the MasterCard Secure Code from at least 6 and at most 10 characters, at least one sign of which must be a digit. Part also safer method as mTAN be used. At Postbank, the 3- D Secure authentication is only queried if an online order " a known fraud patterns similar ". In this case, personal characteristics are retrieved that are " directly related to your customer relationship with Postbank " and " therefore correctly entered only from the actual credit card holder " can. What features could be the concrete, is not explained by Postbank.

In any case, the code is not stored or printed on the card itself. He is not to be confused with the often requested 3- digit (sometimes 4- digit ) check digit on the back of the credit card.

Advantages for banks and merchants and liability

The advantage for the customer is called MasterCard, that the abusive use of hackneyed map data in e-commerce is severely limited, since the password by the client during the registration itself is fixed and known only to him.

Advantage for the merchant is that he receives a certificate for an unauthorized purchase by checking the password. Thus his liability for any chargebacks will limited by the customer. Without 3-D Secure is liable always the operator of the online shop for abusive used credit cards. Provides a webshop, the 3- D Secure process where there is a liability shift: now the card-issuing bank is liable for damages resulting from misuse cards used. This liability shift preserves the dealer before a payment default.

Some bank shifts the liability in cases of abuse to the customers. It requires payment without a concrete proof of a fault. Consumer advocates believe that this is illegal. Visa, MasterCard, as well as the German banks and savings banks association have pledged to provide participants in 3 -D Secure process for misuse of their credit card data no worse than owners of conventional credit cards.

Dissemination

As the first credit card in Germany has, since January 2008 the Lufthansa Miles & More Credit Card in the course of that switch from Visa to MasterCard Secure Code the procedure. Among the banks that offer 3-D Secure, are currently the Targobank, DZ Bank ( local cooperative banks ), the German bank, Commerzbank, Noris Bank, Wüstenrot Bank, the Savings Banks Finance Group, HypoVereinsbank and, since March 2010, the Sparda banks. Also, the German pharmacists and doctors Bank, Landesbank Berlin and the German Bank use this service.

The implementation of MasterCard SecureCode or Verified by Visa imposed mandatory - Meanwhile from every German acquirers - give the company the dealers card acceptance.

Disadvantages for the cardholder

Critics complain that the customer has to memorize another secure password permanently in order to continue using the card as usual in the Internet.

In principle, anyone who knows the rudimentary data of the cardholder and the credit card can, at any time to create a new 3-D Secure Code in order to purchase on the internet. The proof that the cardholder has not created the 3-D Secure code itself is nowhere given.

The consumer magazine wiso reported in the broadcast on 21 February 2011 by a concrete abuse case where the aggrieved credit card holder suffered a loss of just under 3000 euros, the bank does not want to replace. Annabel Oelmann of the consumer center in Dusseldorf, said: " We can see no evidence that the safety of the customers is increased. Quite the contrary: The customer assumes the additional risk that he must stick it in the abuse case. That is, an advantage for the customer is not apparent here. "Even the ARD Guide from February 26, 2011 reported on a German tourist in Spain, who had handed over to the payee both his credit card and his ID in payment of an invoice. This was, so it makes it seem the payee in a position to make a 3- D Secure registration independently and without knowledge of the cardholder and subsequently make on the credit card account dispositions.

The German banking industry has, however, towards the Foundation Warentest pledged in May 2011 that when using the new method less favorable German bank customers should be feared. Therefore Stiftung Warentest says since that exist in German cards no objection to participation in 3-D Secure. With credit cards from other providers will, however, still recommended to ask more precisely and only then to sign up for new security procedures, " if the company assures to put them no worse in abuse cases than in conventional card payment. "

13330
de