|
What is Payer Authentication?
Payer Authentication is what CyberSource calls the 3D Secure system. Visa calls its programme Verified by Visa, which is commonly shortened to VbV. MasterCard calls its programme SecureCode.
Payer Authentication is a way for merchants to ensure that the card holder is who they say they are. It was devised by Visa and MasterCard to attempt to limit the number of ‘it wasn’t me’ chargebacks by requiring you to enter a unique password during the checkout process online. The basics of the programme require the merchant to check whether the cardholder is enrolled in the scheme by sending a request through CyberSource to the Visa or MasterCard Directory Server.
CyberSource responds with a URL that you will display to the end user. This URL is actually maintained by the card issuing bank. The user puts in their password and the card issuing bank sends you data about whether or not that password is correct. You send the response to CyberSource and we interpret it for you. If the password is correct, you proceed with the authorisation.
We have heard about a liability shift. What is this all about?
One of the ways that Visa and MasterCard have tried to encourage merchants to implement Payer Authentication is to offer incentives like the liability shift. The liability shift means that the merchant has no liability for ‘it wasn’t me’ chargebacks as long as they have implemented Payer Authentication correctly. You will still have liability for other chargeback types (for example, if the goods were not received).
What happens if the cardholder isn’t enrolled?
As long as the merchant has followed the correct Payer Authentication procedures, the liability shift is maintained even if the cardholder is not enrolled.
We sell in many international markets. Can I use Payer Authentication in all of them?
The 3D Secure system was devised to be used globally. You can check enrolment in all markets. It is important to note that cardholder uptake in some regions may be much less than you are used to seeing here in Europe but the liability shift is maintained.
I keep hearing the term MPI. What is this?
MPI stands for Merchant Plug-In and it is the software that connects to the MasterCard and Visa Directory Servers. CyberSource hosts an MPI for our merchants to use. You access it with your enrolment and validation transactions. When you speak with your acquirers, you would need to let them know that you will be using the CyberSource MPI.
Do any other card schemes participate in 3D Secure?
American Express planned to initially but has never released their sister programme. JCB has released a programme called J/Secure which uses the same standards as the Visa and MasterCard programmes.
How long does it take to implement?
The 3D Secure programmes are complex due to the involvement of three parties – you, the card issuing bank and the cardholder. Implementing the systems can be time consuming and can take anywhere from a month to several months.
Are there any shortcuts?
The programme itself is a standard and there are not ways to cut corners for the basic flow. However, if you feel your developers need assistance, CyberSource can offer our Professional Services team to come in to help with the implementation. The team can also help with education of your developers and/or business team.
What do I need to do to get started?
Implementing Payer Authentication can seem a little daunting. Changes will need to be made to your front-end website to allow users to enter their passwords directly with the issuing bank. In addition, back-end changes will be required to facilitate the enrolment and validation calls to CyberSource, as well as database changes to accommodate persistence of key data for chargeback repudiation.
Key to the success of the implementation is ensuring that you have all of the information to hand, to make certain your process flows are correct and you’ve structured your testing appropriately. Contact CyberSource to arrange for a consultation to help you hit the ground running.
|
