I got called out to a meeting with a client on Saturday evening, and it turned out at the bottom of it all was this: They had turned on Verified By Visa a few weeks ago, and on Saturday morning the MD of the company plus the designer tried to make a paid registration and just plain couldn't figure out how to get past the VBV screen. 

If you have ever tried this you will understand this, as it is a text-book example of bad useability.  Initial indications are that the level of registrations has halved since they switched it on. 

I know that some firms are being pressurised by their banks to implement VBV but  am very concerned about the effect this will have on business.  A partner company in the US has told me that it has pretty much died over there. 

Does any else have experience of VBV and any indication of the effect on the level of sales?  

Certainly a lot of site owners we talk to are very wary of implementing VBV  (3D-Secure, Verified by Visa, and MasterCard Secure Code) because of concerns that it will destroy their conversion rates.

Most of those who we talk to are holding off for as long as they can. The exceptions perhaps are those sites who already experience higher levels of fraud because they have more of a commercial rationale for pushing this forwards (it shifts the risk).

We've also done an intial bit of benchmarking to see if those sites who use VBV are getting better deals (lower costs) from their acquiring banks in terms of credit card fees. We don't have enough data to be sure yet, but this doesn't appear to be the case. I think it should be though - you should pay less if you are prepared to inflict VBV on your customers (and on your business).

Personally, as a web shopper, I hate the VBV bit in the buying process. I've already forgotten my password and can hardly be bothered to try and resurrect it which certainly puts me off sites using VBV if I can buy the same thing elsewhere.

My sense is we've got past the 'internet is a scary place to shop' phase and almost everyone is comfortable with online banking, paying for things with their card online etc.

All these extra layers of security, supposedly 'for our benefit',  feel to me more like a way for the banks to protect themselves (and lower their own risk) than to help consumers. The kind of people who are still scared about transacting online (perhaps older customers) wouldn't stand a chance of figuring their way through most systems being put in place "for their benefit".

To log in to my online banking now I need PINs, cards, about 5 different numbers, memorable this and that, special codes... I'm waiting for the retinal scans. And yet I can't transfer more than £3k online to "protect my security". Yet I can happily fax instructions to someone to transfer my entire bank account elsewhere...

I think the banks are concerned about themselves, and not their customers, and are way behind in terms of the sort of customer experience they should be offering.

Rant over...

Ashley Friedlein
CEO
E-consultancy.com

Hi,

This is something we have encountered with several of our clients. The lack of understanding/awareness of 3D Secure by the consumer is definitely causing issue for etailers.

When the banks launched Chip & Pin they undertook a massive awareness campaign. 3D Secure has never been launched to the consumer. Aside from the usability issues of the iframe format, there have been a number of recorded concerns over phishing such as the Guardian article listed above: http://money.guardian.co.uk/creditanddebt/creditcards/story/0,,2062170,00.html

As a result of this lack of awareness, consumers are definitley dropping out through the checkout process. I've seen various figures for drop outs through the 3D Secure process - ranging from 3% upto 12.5%. Fortunately, there are things that can be done to minimise these rates.

There are a mix of solutions including method of implementation of 3D Secure, usability design and specific communication tools that have helped address the drop out rate. Sadly though, until awareness of the 3D Secure process is raised among consumers it will continue present another barrier to sales.

If you'd like to discuss this in more detail, feel free to drop me a line.

Regards,

Steve

You're quite right Ashley. This is not a solution to protect consumers, this is to minimise the banks risk. As we are all aware, the success of Chip and Pin in reducing fraud in person has resulted in an upswing in customer not present fraud. 3D Secure is intended to address this. (To clarify terms the technology is 3D Secure - Verified by Visa etc. are the branded versions).

In all likelihood this will also result in a shift of liability as well. Currently as consumers, we are all pretty well protected against fraudulent activity on our credit cards online. However, once 3D Secure becomes mandatory (and I have no doubt it will) that liability will shift to us. The banks' arguments will be that you (the consumer) must have divulged your password otherwise the fraud couldn't have taken place. There are numerous reports of banks taking a similar approach in cases of chip and pin fraud (when cards have been cloned). It will be down to the consumer to prove that they are a victim of fraud. Not very reassuring as a consumer, is it?

This is going to be harder to sell to the consumer - but the banks may have already found a way around it. I believe (I'm not absolutely sure) that 3D Secure is now mandatory for Maestro transactions online - so every etailer will find themselves adopting it. I've also been told that the banks are operating a "3 strikes and you're out" policy - if a consumer chooses not to enrol in a 3D Secure programme (as it's presented to them at checkout) three times, then their card will stopped (based loosely on the reasoning that it must then be fraudulent activity).

My own personal experience of this is that I tried to purchase a fridge freezer online last week and dropped out when presented with the 3D Secure check out (couldn't be bothered going through the registration process and not happy about the liability shift). By the close of the day I had my bank on the phone asking me to verify that the cancelled transaction was genuine.

It seems to me 3D Secure is something we will be forced to live with. If like your UK retailer we can hold out until everyone else has implemented 3D Secure, then we should be ok; but the reality is that etailers will be forced to use 3D Secure and WILL lose sales through poor implementation and lack of consumer understanding. It's a real risk hoping that you can hold out until everyone else has implemented it.

Regards,

Steve Webster (Redeye International)

Actually the case in point (in my original post) was using the WorldPay hosted service.  This is their business; if WorldPay can't get it right how is the poor SME going to?

Bob