As someone in the financial payment industry, let me shed some light on it. 3DSecure (the generic name) when used, generally prevents the user from issuing chargebacks, even in the case of fraud. It's a Terms & Conditions change basically for that purchase. Since your credentials can be hijacked at your web browser level, it is possible to give up your credentials AND give up your ability to re-mediate the issue later.
If you are purchasing stuff online, I advise using a credit card and CVV. Federal law (in the US) limits your damages to $50 total in the event of Fraud. (Not true of debit cards, or 3DSecure).
Although the mandatory sign-up for VBV on Newegg is old news (~3 years ago now?), any time you get a "you are now being redirected to your credit card's website for a mandatory additional agreement," that should be a huge red flag.
You can cancel the "mandatory" VBV page by pressing the back button. At first, the VBV page did have a tiny link that let you opt-out, but it disappeared some time in 2009.
I was quite surprised when I had finally given up and was ready to empty the Newegg shopping cart, only to find the order was accepted when I used the back button to escape VBV.
does this mean i have more than $50 fraid liability if something goes south with my newegg purchase? if so- thus is a real reason not to risk doing business with them.
Kind of sad, the last time I built a PC I had to have the hardware within 2 days. Newegg said the order went through and then the next day I got an e-mail to call and verify my order. I cancelled the order, found everything on Amazon for the same price and had it shipped overnight it.
I don't know how many times now I've gone to an e-commerce site and the stupid Mastercard-Securecode has popped up, or my order has been frozen for verification -- and I immediately go straight to Amazon. Perhaps the real beneficiary here is Amazon. They know my order history and they know when I order a $4000 TV to an address I been shipping $X amount of stuff to without incident.
I've also shifted all my business from newegg to amazon for that reason and also this one: newegg's packing is horrible. What am I supposed to do with an enormous pile of packing peanuts from the box that's three times larger than it needs to be? If you want to collapse the box, good luck pouring all those peanuts into a garbage bag without getting them everywhere. And if you don't have access to a dumpster, you get to waste a ton of space in your garbage can.
With amazon, you get to stab the air bubbles with a knife and wad them up.
same thing happened to me. on a whim, i wanted a very specific poster. i went to order it from the first place i found it and then had trouble on the order enty. after 10 minites of frustration i decided to check amazon, and found it cheaper and with free shipping, as im on prime. amazon really is the walmart of the web. my last newegg purchase was split as many of the pieces were cheaper on amazon, and i have more trust in them.
Nothing. This 'feature' is entirely designed to reduce the banks' liability. It shifts the onus of security onto you (from the banks and the merchants).
It sounds like in principle it might also reduce fraud overall. Thus, maybe 80% of the fraud goes away and 20% remains, but that liability is shifted to the consumer rather than the bank (who otherwise passes it to the merchant anyway). If the merchant has reduced fraud liability, they may be able to offer lower prices. So, in principle there might be a long-term win for the consumer. In practice, who knows.
I think the idea of a pin at checkout is a good one to reduce fraud. However this is more work for the consumer, and reduces the bank's liability. Most consumers would probably prefer this, as it makes their card more secure and reduces the possibility of fraud hassles, which are annoying regardless of liability. Having something that is more work for the consumer and could save the bank money switch the liability to the consumer is just obnoxious.
There is now Chip and pin fraud. With chip and pin the liability is now on the consumer to prove it wasn't their transaction. Customers have had to take the banks to court in the UK to get fraud losses removed. In these cases it has been proven that Chip and pin is infallible. Same applies online with 3-D secure.
> I think the idea of a pin at checkout is a good one to reduce fraud.
For in-person transactions, merchants can check your signature against the one on the card or alternatively ask to see a photo ID. The process is there, though it's hardly ever done.
Given the fact that your signature is on the card, this seem rather ineffective. Approximate signatures are easy to forge and no merchant will deny a transaction based on a different signature.
In fact, that is not the purpose of your signature. The purpose is that you are signing a contract and agreeing to pay. It has nothing to do with security or fraud and merchants are not supposed to check signature matches - only that you signed.
A smiley face is a valid signature, as long as it is you and you agree to the credit card contract.
Actually, signing the receipt has everything to do with fraud. If you use a credit card in a transaction you are required to pay regardless of whether you sign an agreement saying so. The difference is, if the merchant does not collect your signature, they are liable for any chargebacks AKA reports of fraud whereas the bank would be if the merchant did collect the signature. [1][2]
My point in bringing up the signature line on the back of the card is that, while it might not meet your personal standard of effectiveness, it is an example of "a pin at checkout is a good one to reduce fraud. However it is more work for the consumer, and reduces the bank's liability."
Signature verification is an old-fashioned, and perhaps imperfect, nonetheless established method of security.
If you have ever used traveler's checks, you will know that they also use signature-matching as the method of security/verification.
Because if you did not sign, there is no written contract for that transaction, so there is far less of a case that the charge is valid. Regardless of what the signature looks like, you are liable if it was you (or someone you authorized) who signed and you are not liable otherwise. You are even liable if you charged for the transaction but did not sign - there is just no written, signed contract, so you are presumed not to have agreed to the charge.
None of the above is legal advice as IANAL, however I do believe it is correct.
Do you really think a merchant can verify those electronic scribbles on a tiny, crappy pen input device? No. Any mark made by you with the intent to sign is a legal signature.
None really. A) Fraud liability effectively shifts to you, versus the often waived $50 limit, and B) it interjects an authorisation from your issuing bank into the checkout process oftentimes screwing it up.
If you are purchasing stuff online, I advise using a credit card and CVV. Federal law (in the US) limits your damages to $50 total in the event of Fraud. (Not true of debit cards, or 3DSecure).
http://en.wikipedia.org/wiki/3-D_Secure