Making Online Credit Card Purchases Better

From Unfocusgroup.org


Originated by Brendan Fernandes

OK, the thing with online credit card purchases in the olden days was that it was easy to use stolen cards. The customer is always protected from credit card theft because they can get their money back if they declare a transaction to be fraudulent; however, what not many people realise is that it's the retailer who gives them their money back - not the credit card company. This process is known as a "chargeback".

Now, the credit card companies have started to realise that this causes a problem for retailers, so they have tried to put in measures that help. On the high street, we now have "chip and pin", and online, we have these password authentication schemes, such as "Verified by Visa", "Mastercard SecureCode", and "3D Secure" or something.

I'm abbreviating this so that you don't get bored.

The idea of these is that when the customer checks out with their credit card, a screen flashes up asking them to sign up for one of these password authentication schemes. This screen is hosted by the credit card provider themselves. This is usually quite unexpected for the customer.

If the customer has not yet signed up to the scheme, they are given the opportunity to provide a password for their credit card. Thereafter, when they make online purchases with the same card, they are required to enter their password for future verification. All well and good.

OK, the first problem is that, invariably, you are required to have one of these silly passwords that must contain numbers and letters. This immediately annoys people who aren't very good at remembering passwords to begin with, never mind ones with numbers in too.

The second problem is that if you forget your password, you can change it there and then, provided that you have the credit card in front of you and know your date of birth. I believe that this is easy info to get hold of, so this system is not very secure at all.

The third problem is that when you change your password, you cannot change it to one that you have had before. This is annoying, because quite often people tend to use the same passwords for things, and to cycle through them.

I think that there are many better ways to do this.

The first option is to use mobile phones or email for verification. So when you place a transaction online, your credit card company emails you or texts you, and the transaction is only confirmed when you verify by replying to the text/email.

This is more secure than the existing method, because fewer fraudsters have access to someone's email/phone as well as their credit card info and date of birth.
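The reply-to-confirm flow proposed above, sketched from the card issuer's side as an added example (it is not part of the original page). The class name, the code lifetime, the attempt limit and the `send` gateway callable are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a confirmation code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong replies allowed before the transaction is declined (assumed)


class Issuer:
    """Hypothetical issuer: a purchase stays pending until the cardholder replies."""

    def __init__(self, send, clock=time.time):
        self.send = send      # callable(contact, message): stand-in for an SMS/email gateway
        self.clock = clock
        self.pending = {}

    def authorise(self, contact, merchant, amount):
        txn_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"   # random one-time code, not a reusable password
        self.pending[txn_id] = {
            "digest": self._digest(txn_id, code),  # keep a digest, not the code itself
            "expires": self.clock() + CODE_TTL,
            "attempts": 0,
        }
        # Name the merchant and amount so the cardholder sees what they are approving.
        self.send(contact, f"Reply {code} to confirm {amount} at {merchant}")
        return txn_id

    def confirm(self, txn_id, reply):
        txn = self.pending.get(txn_id)
        if txn is None:
            return "unknown"
        if self.clock() > txn["expires"]:
            del self.pending[txn_id]
            return "expired"
        if hmac.compare_digest(txn["digest"], self._digest(txn_id, reply.strip())):
            del self.pending[txn_id]               # a code confirms one transaction, once
            return "confirmed"
        txn["attempts"] += 1
        if txn["attempts"] >= MAX_ATTEMPTS:
            del self.pending[txn_id]               # stop guessing of the 6-digit code
            return "declined"
        return "retry"

    @staticmethod
    def _digest(txn_id, code):
        return hashlib.sha256(f"{txn_id}:{code}".encode()).hexdigest()
```

Because each code is random, short-lived and tied to one transaction, there is nothing for the cardholder to remember or reset.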

The other option is at the very least to send you an email password reminder, rather than allowing you to change your password online with just the date of birth.
