Dear all:
I'm using streamline as my merchant account provider and protx as my payment gateway. I started to use 3d secure last month and was told that if 3d secure is successful we merchant are not liable for CNP chargebacks on that transaction. But it turns out misinformation , if not lying to us. A lot of our customers are from US and there are CNP chargebacks even if the transaction is 3d secure - ok.
When we tried to phone streamline about this, their operator didn't seems get any information about this issue, until they foward serval times and someone in streamline told us that US/CA credit cards are not involved in visa-europe's 3d secure plan! Then I checked the VISA website , but the website states from April 2003 3d secure is working internationally.
Could anyone please tell me what should we do now? This gives us really bad experience with 3d secure and streamline. Also , protx gaves us incorrect information on 3d secure state on their website too. How could this happen?

It depends on the reason of the chargeback. Usually it willl prevent the "I didn't do its", but if the client says he / she did not receive the merchandise, etc there is not too much you can do about it if you do not have a signature

As I have mentioned in the post, it's CNP (card not present) chargeback, the offical name of "I didn't do this"..

Card not present is not the reason. This is the type of transaction.

Some reasons that 3d secure cannot help:
Failure of merchant to respond to retrieval request.
Cardholder was billed more than once for the same transaction.
Failure of merchant to follow correct procedures in completing the sales slip at the point-of-sale.
A credit or refund was not properly processed.
71 - Declined Authorization
80 - Incorrect Transaction Amount or Account Number
A card was used either before or after its valid date.
53 - Not as Described or Defective Merchandise
30 - Services Not Provided or Merchandise Not Received
41 - Cancelled Recurring Transaction


But if the cardholder denies making the transaction - then this is where 3d Secure would be beneficial

Or are you referring to:
[83 - Fraudulent Transaction - Card-absent Environment] Merchant processed a transaction in a card-absent environment without cardholder permission or with a fictitious account number, or processed an electronic commerce transaction that meets specified requirements

O, sorry, I use the wrong term, I meant "Not authorized" , not CNP. The card was report stolen after the goods are sent, and we checked the 3d secure state which is flaged Green (OK) in protx console. We were outraged by the false claim made by Streamline. We demanded written terms and conditions from Streamline but they said that they don't have such document available. They verbally elaborated their claims by saying that we wouldn't get immunized if we accept 3D Secure cards from US and Canada card issuers.

Edit: spelling.

Another thread confirming that Verifed by VISA and 3D is is sucks :) I'm waiting for past 3 years for them to invent something that can protect Online Merchants against this kind of fraud - but we still here, where we started at 2000...

Hopefully by 2010 situation will change.

In a PDF streamline sent to us regarding 3d secure.
"
Changes in liability from merchant to issuer
Using these authentication services by the merchant shifts the liability in the event of a
chargeback from the merchant to the card issuer, under any of the following conditions:
• merchant and acquirer have installed either of the services but the cardholder is not
enrolled for the service(s)
• merchant and cardholder have both enrolled for the service(s)
• merchant and acquirer have installed either of the services but the issuer is not enabled
to operate the service
• all Verified by Visa transactions globally where the cardholder disputes participation
• all MasterCard SecureCode transactions globally except from cardholders in North and
Latin America. Maestro cards will also be supported through the MasterCard service from
the summer of 2005
"

In this case, the CC are VISA. According to the document they sent to us , Streamline should not send us "Not authorized" chargeback if the 3d secure is succesful or even if the cardholder is not enroll.
But that chargeback still comes through! What should we do now? Accuse Streamline and/or VISA? Or get another merchant account like Barclay? Someone please tell me :(

Try to solve this with Steamline first - send them a LETTER by mail and ask for WRITTEN reply. Don't talk to Customer Service - they don't know anything anyway :) Most of the cases they got their training in 2003 (2-3 years ago).

If this is not work - look for new provider.

Was the consumer also a member of VBV? I used to use them but decided that it was not really worth my time. The "benefits" that I was supposed to have really did not out number the cons. Using my own scrubbing techniques have saved me a lot more money.

Steven-V hit it on the head - talk to the Streamline people. Emailing might work - getting it in writing is fantastic if you can do that. Companies though like that are very reluctant to put anything in writing unfortunately that could come back and hurt them.

For example, Friday night MasterCard pushed an update but neglected to do some final checking on all platforms. So come Saturday morning, merchants in the United States were having failing transactions from consumers in other parts of the world. MasterCard would not put anything in writing, only would tell us "it is the highest priority". Five hours later, it was fixed.

Looking st Streamline's website, you might be better off with another processor but I could not actually tell is Streamline sold you the 3D secure as well or did that come from another party?

Ok. Thanks. I'll try to mail streamline to solve this. Just in case, is it possible that 3d secure CAN prevent "Not authorized" CB's as it states? Or it just totally useless like our case?

Chargebacks protection is only applicable to certain fraud-related chargeback types, and certain transaction types are excluded from coverage. There are exceptions to the chargeback protection:
Those made with procurement cards
Those where payment must be “re-authorized” and the cardholder is not available to input password (such as orders requiring split shipment or backordered goods). Exceptions to this rule apply if certain transaction data (CAVV and XID) can be resubmitted with the subsequent transaction.
Sales transacted via “one click buy” technologies
Recurring billing
Transactions that fail to authenticate.


It is also my understanding that there is a chance that if the cardholder is in the United States with MasterCard - they need to also been enrolled and authenticated while Visa cardholders do not.

This might be something to ask them as well to confirm. Plus things might have changed a bit as well. I looked into this a few years back but I was not as pleased with the outcome.

Thank you Corey, I might have found our problem. We set all order in protx to auth/release mode, for we need to make sure that the goods are in stock to prevent backorders. However protx / streamline didn't mentioned the 3d secure compatible issue with auth/release method. Our estimate lost due to this hole in the last month is quite high , around serval hundred's of thousands USD. We're not pleased with it but we might have to accept this fact. We might lost the streamline merchant account due to the chargeback rate might goes up to over 5%.
We'll continue to communicate to streamline.
It's an expansive lesson for us to learn more about 3d secure. Sigh.

Edit: But the auth/Release method in protx didn't need to re-authorized within 7 days, and our orders are release for sure in 24 hours. We phoned streamline this time, and they changed their parlance again. They told us that we just need to defend those chargeback cases. Hmm, interesting, let's see what happened later on.

So it seems you are referring to
Those where payment must be “re-authorized” and the cardholder is not available to input password (such as orders requiring split shipment or backordered goods). Exceptions to this rule apply if certain transaction data (CAVV and XID) can be resubmitted with the subsequent transaction.Unfortunately people read these but it does not really make too much sense.

3D secure requires the customer interaction on the transaction. If the transaction is approved any other way (i.e. rebill) - then 3D secure is not valid.

3D secure (VbV/MCSC) is a very cool thing IF YOUR PROVIDER KNOWS HOW TO USE IT!!!!
Implementation is a very tricky, and if you trust your gateway or merchant account provider to set it up for you, most likely it will not be made correct. You have to work direclty with 3D secure service provider, if possible. Go to Streamline and ask them who is 3D secure service provider for them, and then go to those guys and ask to verify if your MID is setup corectly with VISA and MC. I am sure your current account setup is wrong.

For US based merchant accounts you recieve complete protection on all fraudulent regardless of enrollment in the program or bank participation. For Visa you also recieve chargeback blocking protection. This means that when a fraudulnt chargeback is issued it is blockd at the issuer. For international transactions you must represent the authentication information to your acquirer an the chargeback will be reversed.

I did a little research on streamline and bounced your issues around several people on our end. Because we don't work with styreamline we have zero visibility into whether they are properly passing and recieiving the data and your merchant account is configured properly.

http://www.streamline.com/Already_a_customer/Additional_products_&_services/Fraud_screening/default.htm

In the US you must be an ecommerce merchant and your gateway must be set up on an ecommerce account. You must also be using a gateway that is certified to pass the data to the processor.

Have you represented on the fraudulent chargebacks you recieved?

VbV, MasterCard Secure Code, 3D...whatever you name it, it does NOT work. It has all been invented to protect Visa, MasterCard and to earn more money, nothing else.

They have plenty of money and time to invent a real solution: Just cooperate with Microsoft, Compaq, Dell or any big company that is interested and have a terminal integrated in the keyboard of the computer and have people sign it with a digital signature. That will be the end of CNP transactions and chargebacks. Very easy, very effective. Right now, merchants get screwed over and over again by Visa and MasterCard.

VbV, MasterCard Secure Code, 3D...whatever you name it, it does NOT work. It has all been invented to protect Visa, MasterCard and to earn more money, nothing else.

They have plenty of money and time to invent a real solution: Just cooperate with Microsoft, Compaq, Dell or any big company that is interested and have a terminal integrated in the keyboard of the computer and have people sign it with a digital signature. That will be the end of CNP transactions and chargebacks. Very easy, very effective. Right now, merchants get screwed over and over again by Visa and MasterCard.

Miklo, your assumption is wrong. It works very good for us and our merchants. As for digital signature keypad it is very expensive to implement and it is not effective. What, are you going to go after each chargebacked customer and trace his IP back to verify that it was actually him at the moment you got his signature? LOL :)... You better stick with voice authorization then...

One question though where in what I have been reading - VBV works for the merchant even if the cardholder is not registered. But for MSC, in the USA, the cardholder has to be registered and authenticated for the protection? In EU, this is not the case.

Maybe they have changed that but if not it would seem that MasterCard cardholders in the United States still could potentially request chargebacks (I didn't do it)

One question though where in what I have been reading - VBV works for the merchant even if the cardholder is not registered. But for MSC, in the USA, the cardholder has to be registered and authenticated for the protection? In EU, this is not the case.

Maybe they have changed that but if not it would seem that MasterCard cardholders in the United States still could potentially request chargebacks (I didn't do it)

Corey, you are right. Working with VISA is a real pleasure, while with MC is a pain. With Visa transactions merchant gets 98% automatically protected even if the issuer bank itself is not enrolled. With Mastercard it is a mirror picture, 98% or users/banks are not registered/enrolled and without registration there is no protection for merchant. As for Europe, there is a small amount of banks enrolled in Spain and UK. The rest is non-enrolled. But again, with Visa transactions merchant really should not care, but with MC the traditional fraud management techniques should be used instead of MCSC, such as GeoIP/proxy, ISP/E-mail check, and phone verification.

Thanks. I studied it a couple of years ago but locating a company to work with proved fruitless so I never looked too much more into it. There seemed to be some drawbacks that most would not really answer - or rather change the subject

Corey,

MasterCard has mandated SecureCode for all US based issuers in the United States as of last year. If you issue MasterCards you must support the program and begin enrolling cardholders and have them shop with supporting stores.

Visa gives a blanket coverage across the board. MsaterCard only protects on enrolled cardholders but they drop your interchange rates to UCAF across the board at your bank, which brings them down to almost brick and mortar rates just for providing the service to a small minority of shoppers.

In the EU its much different. SecureCode is a global program that covers all MasterCard regions. There are no countries that are not participating.

Currently, chargeback protection is afforded to fully authenticated intra-regional and inter-regional authorizations in all regions.

For intra-regional authorizations in Europe, AP, South Asia/Middle East/Africa and Latin America/Caribbean (everywhere but U.S. and Canada), chargeback protection is afforded for 'merchant-only' transactions, meaning the merchant participates in SecureCode but the issuer and cardholder do not participate or do not provide the SecureCode.

For inter-regional authorizations between Europe, AP and South Asia/Middle East Africa the 'merchant-only' chargeback protection is also in effect.

In English.....if you run SecureCode as an international merchant, you are no longer liable for CC fraud just like Verified by Visa in the states.

One of the largest consumer electronics merchants in the world with us runs both the services. They are getting the lowest possible rates on all domestic Visa and MasterCard transactions and they have international business which they process under an international bank so they enjoy the satisfation of not being liable for any fraud internationally. The lowest rates, the least liability possible for fraud, which is supplied by Visa and MasterCard just can't be beat.

Corey,

MasterCard has mandated SecureCode for all US based issuers in the United States as of last year. If you issue MasterCards you must support the program and begin enrolling cardholders and have them shop with supporting stores. Thanks but that part really does not answer the question. Supporting is one thing - protection is another.
Currently, chargeback protection is afforded to fully authenticated intra-regional and inter-regional authorizations in all regions.So in essence if the United States cardholder is using MasterCard but not enrolled or authenticated, then the transaction is not protected.
Or
In English.....if you run SecureCode as an international merchant, you are no longer liable for CC fraud just like Verified by Visa in the states.Recurring billing is not protected by MSC as well as pre-authorizations that have expired.

I think that is what he original poster is looking for. What transactions are exactly protected and what ones are not.

I remember when we talked about this as well. I cannot remember though what company I called in regards to MSC but I do remember the runaround I got. It seems that no one really wants to answer the question.

It seems that Leksus did confirm though that what Corey said was correct, but the company that sells this service seemed to beat around the bush some.

Maybe CardinalCommerce will come back and confirm this. They might not really want to though since all Mastercard US transactions are not protected and this hurts their selling practice?

I remember when we talked about this as well. I cannot remember though what company I called in regards to MSC but I do remember the runaround I got. It seems that no one really wants to answer the question.

It seems that Leksus did confirm though that what Corey said was correct, but the company that sells this service seemed to beat around the bush some.

Maybe CardinalCommerce will come back and confirm this. They might not really want to though since all Mastercard US transactions are not protected and this hurts their selling practice?

LOL :) Cardinal Commerce is not an exclusive provider of 3D Secure. There is a 5 pages list of 3D secure compliant vendors on Visa website. Check it out.
As for MasterCard, you are not correct. Not all MssterCard US transactions not protected but ONLY for those MC users who did not enroll in the program. Just answer following simple questions and you will understand:
Do you have Mastercard? (I guess Yes)
Is you MC issuer bank enrolled in MC Secure Code? (most likely Yes)
DID YOU enroll yourself in MCSC and created PIN? (most likely No)
Thus, when you go shopping with your MC the merchant you buy stuff from WILL NOT be protected from "I did not do it" chargeback if you make one.
Cheers.

I remember when we talked about this as well. I cannot remember though what company I called in regards to MSC but I do remember the runaround I got. It seems that no one really wants to answer the question.

It seems that Leksus did confirm though that what Corey said was correct, but the company that sells this service seemed to beat around the bush some.

Maybe CardinalCommerce will come back and confirm this. They might not really want to though since all Mastercard US transactions are not protected and this hurts their selling practice?

Sorry for the confusion.

MasterCard SecureCode for US merchants only protects on enrolled cards.

MasterCard SecureCode merchants may only be protected on enrolled cardholders...which is unfortunate...but you recieve in return an almost brick and mortar rate (between a 22 and 59 basis point reduction on interchange depending on enrollment and credit or debit) on all your MasterCard transcations.

Hope that clears it up.