By: Bob Lonadier, Director, Security Strategies -- Hurwitz Group - Sept 22, 2000

Credit-card fraud is at an all-time high, thanks to the online marketplace. On September 17, 2000, The New York Times reported that between 5% and 10% of all Internet-based transaction complaints are fraud-related ("Keeping Hackers' Hands Off Your Card Numbers," NYT, 09/17/00). That same week, The Wall Street Journal reported that Internet transactions have a charge-back rate almost four times that of mail order and nine times that of good 'ole brick-and-mortar retail ("Credit Card Scams Bedevil E-Stores," WSJ, 09/19/00). Chargebacks occur when a merchant bank refuses to honor the transaction, usually because the customer disavows any knowledge of having placed the order for the goods or services (called repudiation in legalese).

Bear in mind that these events have next to no impact on the consumer. Repudiation protects consumers from fraud, and the credit-card issuers have protected themselves by placing almost all of the risk on the backs of the merchants, who bear the brunt of the charge-back costs, even when the transaction has been "approved" by issuers. Although not always fraudulent, excessive chargebacks raise the issue of nonrepudiation, or how to make it harder for purchasers to deny participating in a transaction. Pay attention B2B participants and prospects, because this issue will quickly arise in your neighborhood too.

THE HURWITZ TAKE: Technology solutions exist to strengthen nonrepudiation, but the market is slow on the uptake. Visa USA has just announced a smart VISA Technology Platform, using Xcert's digital certificates and Gemplus's smart cards to authorize purchases. Using these technologies, merchants will be able to accept a credit card purchase as if the buyer were "present" (as in a traditional brick-and-mortar purchase) when the buyer is actually "absent." The benefit to merchants is twofold: not only are they charged a lower rate (1.5% vs. 4%) per transaction, but also the chargeback risk is dramatically reduced. Cybersafe is also piloting some smart-card applications with online brokerage, online merchant, and airline transportation partners.

On the merchant side, debit cards make sense because they typically cost even less than 1.5% per transaction to process. A debit card that is difficult to repudiate is even better. The real problem is that the issuing banks don't have much incentive to replace credit cards with debit cards or to adopt the new nonrepudiation technology, because most of the benefits do not accrue to them. Unfortunately, it is up to the merchants to figure out a way to provide customer incentives for using debit cards or the new nonrepudiation technology; otherwise their adoption in the U.S. market will continue to stall. The wheels of progress are turning, just ever so slowly.