Im in the process of adding verified by visa and mastercard securecode to my website and i have some questions.
If the transaction returns a success for verified by visa (meaning i am protected from chargeback) is it safe to ignore any other suspicious signs, such as IP from other country, anonymous proxy etc.. seeing as I am already protected, or will this get me in trouble?
The merchant is relieved of chargeback liability, even when consumers or issuing banks aren't participating in the program, though Visa says in these cases there are "limited exceptions." So, if you are still seeing signs of fraud despite getting the OK from VbyV, its possible you could be susceptible to a chargeback, if the issuer or the cardholder is not participating in the program and so could be a "limited exception". Its probably best to still fully investigate any detectable signs of fraud and forgo sales if necessary.
The whole idea of VbV/MCSC is to allow users accept both international and what seems to be "high-risk" transactions. If you are going to still use and look at geoip score, international, etc. when you have FULL PROTECTION, then you do not need to use VbV/MCSC.
Also a lot depends on WHERE your merchant account is: in US or other regions.
VBV mainly protects you from Chargeback code 75 - cardholder does not recognize the transaction, Chargeback code 62 - Counterfeit Transaction, Chargeback code 83 - Fraudulent Transaction-Card Absent Environment among a few others.
MSC might not protect you as well fully if you are based in the United States. You should contact your merchant account provider or VBV / MSC provider for more confirmation
The merchant is ultimately responsible. I would urge you to go to the site merchant911.org and register and get engaged there you will find that a very valuable resource because cc fraud is on the rise and the fraudsters are getting smarter.
BlueLion, the merchant may or may not be ultimately responsible... it really depends on the circumstances.
If you are running a Visa transaction with VBV and provided that an attempted chargeback falls within the protected reason codes, you will not be liable. This is the case even if the cardholder is not enrolled in the program on their end.
If you are running a MasterCard transaction with MSC and the chargeback attempt falls within the protected reason codes and the cardholder is enrolled, you will be protected but that is not the case if the cardholder is not enrolled. (At least this is the case for the moment - however this policy is in the process of being updated by MasterCard in the near future from what I understand to provide protection for both enrolled and non-enrolled scenarios)
I would also suggest that while VBV/MSC provide an excellent form of "insurance" on your credit card sales - that doesn't mean that you should disregard everything else or stop being diligent on your sales.
After all... I'm sure that most of us have car insurance but that doesn't mean that we purposely stop paying attention when we drive or that we don't seek to still avoid accidents.
CDGcommerce.com - Trusted Merchant Account Solutions since 1998
Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance. Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!
I would just like to point out that 75% of all chargebacks that occur within the world of ecommerce are related to fraudulent reason codes. VbV protects against that on all cardholders regardless of enrollment or bank participattion. MCSC only protects on enrolled cards.
The associations track merchants who abause their partnership with Visa and MasterCard and blatantly accept fraud, so you still need to perform soe due diligence to catch fruad although you ultimately aren't liable for a large portion of it.