Verified by Visa / 3D Secure – Minor Changes to Payment Processing

verified by visa - 3d secure
Realex Logo
Over the last couple of weeks our developers have been working closely with both Realex and our bank to integrate 3D Secure / Verified by Visa.
If you want to know more about how the verified by Visa / 3D Secure system works there is a lot of information about it available on the Visa site.
Put simply 3D Secure offers cardholders an extra layer of security which should help mitigate issues with phishing and other threats.
In order for your card to work with 3D Secure your bank must first be enrolled with the system.
So how does this affect orders placed with our site?
In practice only a very small change will occur.
Previously you gave us your credit card details (over a secure connection) and we passed it over to Realex, who in turn verified it with your bank and passed the information back to us.
Now if the card used is enrolled in the system you will see a number of new screens.
The first screen, which you can see below, is fairly self-explanatory.
pre-redirect-step1.png
The next screen also resides on our servers. As our system has to “talk” to Visa’s servers there can be a slight delay during which time you will see the progress screen below:
bk-visa-redirect-page.png
When you are finally passed over to the 3D secure site hosted by Visa (or the MasterCard equivalent) you will see something like this:
verifiedbyvisapage.png
If your card has already been enrolled you can enter your password to authorise the transaction with the merchant (ie. us) and you will then be passed back to our website to finalise it.
If the card is enrolled the password MUST be used, so this should help reduce fraud.
If you notice any issues or have any queries about the new system please let us know

2 Responses to Verified by Visa / 3D Secure – Minor Changes to Payment Processing

  1. ben October 17, 2007 at 09:58 #

    Hi,
    we are investigating this, however, I cannot find anywhere if this is going to become compulsory or not. can anyone clarify this for me?
    thanks,
    ben

  2. Phishing November 8, 2007 at 13:07 #

    Users are trained to input their bank details into screens that “magically” appear?
    This is insanity.
    It does not matter if it is secure in your case. This encourages social engineering attacks.
    I am sure someone will find a nice scam, fooling users into typing both passwords and PINs to their bank account. Then they won’t just get an unauthorized CC bill, they’ll loose everything on their savings account…