
Ask HN: Innovations in merchant online online credit card processing? - xtiansimon
My client is a private small business brick and mortar. Their Point of Sale service&#x2F;platform has a web widget for online ordering. Customer is redirected to the platform to place an order for  pickup or delivery.<p>Recently we had a chargeback claiming fraud. The merchant processor asked for proof of EMV chip processing. Of course, that is a nonsense question with online purchase—- our claim of fake fraud is lost before it begins.<p>We reached out to our POS Rep to discuss the situation. Their response was: Hey. Face it. All credit card transactions involve risk. You have to look at chargebacks as an expense.<p>Apart from the credit companies, what efforts are merchants taking to combat fake fraud claims for their online stores and make successful claims in light of the liability shift?
======
xtiansimon
Ok. So everyone is saying 3DS is the state of the art for online fraud
protection. Curiously, I've not encountered this in the wild from my own
online purchases.

I'm reading the Wikipedia article [1] about password verification, "A
transaction...will initiate a redirection to the website of the card issuing
bank to authorize the transaction. Each issuer could use any kind of
authentication method...but typically, a password-based method is used, so to
effectively buy on the Internet means using a password tied to the card."

I don't recall using a password for any of my on online purchases (Amazon,
Walmart.com), and I have not set one up with my CC company (CapitalOne issued
Visa) other than a PIN for cash withdrawals. It's possible these sites use
another form of verification ("Each issuer could use any kind of
authentication method (the protocol does not [specify] this)...") and the
process was so seamless I didn't notice. [cough] Or, maybe these example
companies are so big they actually assume the liability.

My original naive concept of innovations were additional operational protocols
(maybe customers sign receipts at the time of delivery/pickup). Or, maybe
design features in your e-store (prevent fraud-claim-happy users from using
the same card more than once, assuming the customer would cancel their card
after fraud, so you wouldn't permit it to be used again after a fraud claim).
Even as I suggest these ideas, I'm reading other articles [2] explicitly
describing 3DS is actually responding to the liability shift law--which is
ultimate concern. And of course, if these features I'm imagining do not
explicitly respond to liability shift, these ideas would most likely just
confuse the issue.

Any suggestions of online stores implementing 3D or any e-store features
designed to discorage making false fraud claims?

[1]:
[https://en.wikipedia.org/wiki/3-D_Secure](https://en.wikipedia.org/wiki/3-D_Secure)
[2]: [https://blog.gpayments.com/article/liability-
shift-3d-secure...](https://blog.gpayments.com/article/liability-
shift-3d-secure/)

~~~
dylz
I have only encountered this at EU based vendors. I have never encountered
this at a US merchant.

------
Nextgrid
Online transactions have an equivalent of the EMV liability shift called 3D
Secure which any decent merchant acquirer should offer as an option.

In addition, if your _online_ merchant acquirer starts asking about EMV
details I’d be concerned about whether they know what they’re talking about.

------
alam2000
You should enable 3D Secure (3DS) to shift the liability to end user. I will
pop-up a page during checkout and required customer to enter a verification
code before proceed.

------
aaronbrager
You can use address verification and/or 3DS to reduce fraud chargebacks for
online transactions. If you use 3DS then the bank will assume liability for
fraud.

