E-commerce retailers risk losing 15% of sales from the ‘3-D secure’ credit card verification scheme being introduced by Mastercard and Visa unless usability problems are addressed, claims optimum.web, the usability division of RedEye.

This figure could rise to more than 27.5% if the proposed card checking systems are not implemented in a user-centric way on retailers’ sites, the company says.

Optimum.web’s findings follow usability testing conducted on a high profile e-retail site, which had seen sales fall following the introduction of the card verification systems, and expert heuristic reviews of sites across a range of sectors including travel, dating and property.

The usability testing unearthed a range of usability issues on the e-commerce site, but most notably of all it found that 12.5% of users would abandon an online purchase when presented with the first verification screen. A further 25% would not participate willingly until forced to do so, and a proportion of these would probably abandon a purchase at that time.

Following the success of ‘chip and pin’, Mastercard and Visa are encouraging retailers to adopt the 3-D scheme to reduce online fraud. The verification screens are served up independent of the host site and this, says Keith Simpson managing director of optimum.web, is the root of the problem.

“Users are rarely warned before being served the 3-D secure screens so there is a real problem that many view them as part of an elaborate phishing exercise. The design of the screens is generic with no links or association to the site from which the user is trying to make a purchase. It’s no wonder that some users get scared and opt out,” adds Simpson.

In contrast, Simpson says that sites that implement 3-D secure in a user-centric way will raise their trust rating and sell more by demonstrating concern for their customers’ security.

Optimum-web has developed a ‘3-D Secure Implementation Model’ to help retailers make the transition successfully and profitably. In tests this service has been seen to significantly decrease the risk of basket abandonment. Consumers are taken through a usability-tested procedure which hand-holds them through the whole verification process in order to reassure them about 3-D Secure so that they feel confident in taking their purchase through to completion.


Keith Simpson at optimum-web:
T 020 7881 0878, E keith.simpson@redeye.com

Susan Perolls at Loudmouth PR:
T 020 7981 9858, E susanp@loudmouthpr.co.uk

Background to 3-D Secure
3-D Secure is the protocol developed by Visa (branded ‘Verified by Visa’) and MasterCard (branded ‘MasterCard SecureCode) to further secure ‘cardholder absent’ transactions over the internet by authenticating that the person making the e-commerce transaction is the authorised cardholder. Both MasterCard and Visa are pushing merchants to sign up to the standard – the major incentive being that, if they do not sign up to 3-D Secure, they are liable for any fraudulent transactions, whereas the card issuers will be liable for transactions verified through 3-D Secure.

At the point of purchase the issuing bank approaches the customer and requests enrolment, the customer then creates a password and personal assurance message.

When signing up to 3-D Secure the merchant has to change the customer-facing website and they have no control over the contents/style of what the issuing bank displays to the customer within the inline frame.

Issuing banks must allow the cardholder to be able to opt-out from 3-D Secure three times (tracked across multiple merchants). If this occurs, the third merchant will lose the sale as the card issuer can potentially block all online shopping for an unwilling cardholder on participating merchant sites.

Incentive to enrol is low, since customers are currently protected if their card is used fraudulently online. If they enrol in a payer authentication scheme, it is another password for them to remember, and it will be difficult to get the bank to take liability if their card is somehow used fraudulently through disclosure of their password (similar to shift in perceived liability with move from signature to chip & PIN for card present). However, 3-D secure does have the potential to improve customer confidence in online shopping. It should, though, be used as well as, not instead of, fraud screening.

Background to RedEye and optimum-web
Optimum.web is the usability division of RedEye. Red Eye was established in 1997 and clients include William Hill, Asda, Virgin Group and Warner Braks. The company acquired e-RM in September 2005 to strengthen its own email marketing capabilities and optimum-web was acquired in 2006 to complete its integrated portfolio. RedEye is one of the fastest growing digital marcoms businesses in the country and recently featured in the Sunday Times’ Tech Track 100 league3 table.
Optimum-web provides a wide range of usability testing services. It has a unique structure that balances leading-edge research in human-computer interaction (HCI) with extensive commercial experience in practical usability engineering for clients such as Nationwide Building Society, Microsoft, WHSmith, HSBC and QXL. The company's methodologies include expert evaluations, user-based testing and competitive site surveys. The company's work is designed to answer three key questions that everyone involved in the web needs to ask: 1. What are my site's strengths and weaknesses?, 2. How can my site be improved to better meet the needs of users?, 3. How does my site compare to its competitors?. In addition to broad-based usability testing optimum.web offers specialist consultancy in accessibility, internationalisation, culture, information architecture, branding, semiotics and online reputation management.

Published on: 12:00AM on 28th January 2008