Net income

Charge backs and a fear of fraud have thus far held back consumer e-commerce within the Middle East. However, the advent of the 3-D Secure protocol looks set to solve this as it brings higher levels of identification and authentication to online payments, as well as providing extra protection for local merchants.

  • E-Mail
By  Vijaya Cherian Published  February 26, 2003

I|~||~||~|E-commerce has grown impressively in the Middle East over the last couple of years, but it is yet to experience the boom that many predicted. The reasons for this are manifold, but, come April 1, one of the largest obstacles that has prevented merchants taking their wares online will be addressed, namely charge backs.

The solution comes in the form of Visa and MasterCard’s global mandate, which says that all member banks should have implemented the 3-D Secure protocol by April 1. The protocol dictates that extra parameters are added to online payment engines that identify and authenticate cardholders when they make a purchase on the internet. Such a move will better protect the merchants, who currently get charged by the bank if a purchase is contested.

“Currently, if we report a case of fraud, the credit card company gives us 10 days to prove that the customer did not do it and then charges us for the transaction,” says Simon Lewis, e-business group manager of E-ventures, an independent wing of the Emirates Group. “How do they expect to promote e-commerce if they ask us for a point of sale signature as proof for an online transaction?” he asks.

Peter Conmy, internet and distribution manager of media publishing house ITP agrees.
“Credit card companies have so far secured only the customers. They have not secured the merchants,” he says.

The new technology addresses such complaints. With 3-D Secure, cardholders are required to authenticate each new online transaction twice — once with their pin number, and once with their password. According to financial houses, this two-pronged method of authentication will be more difficult to compromise than a single one. Furthermore, it shifts the liability caused by fraud from the merchant to the bank and its cardholder.
The move is predicted to boost the adoption of e-commerce in the region, as it secures merchants and reduces the risk of fraudulent and disputed transactions. “3-D Secure can be easily migrated into a bank’s core system because it is inexpensive and flexible,” says Melanie Cameron, new technologies manager, Visa.

“With this technology, if a bank wants to customise certain parts of it [3-D Secure] to suit its demands, it can be done easily because this is an open standard. We have worked closely with MasterCard and the vendor community while this was being developed to ensure that it became an easier route for banks to go into e-commerce,” she adds.

The 3-D platform has been developed to overcome some of the previous inconveniences that hindered e-commerce. “Prior to this, there was another internet authentication standard called secure electronic transaction (SET). That technology was great, but its implementation was too costly for the financial sector and it could not be justified in a market that wasn’t biting,” she explains.

“It was also not user-friendly in that consumers had to re-register every time they sat on a different PC. Secondly, the fact that the merchant had to absorb the bad transaction in the event of a dispute has now been rectified. This will make a tremendous difference to e-commerce,” Cameron continues.

Ivan Jones, vice president e-business development, MasterCard International, Middle East & North Africa concurs. “This is a very young market and the e-merchant business has largely been untapped because of the fear of fraud. Now, with this new technology guaranteeing payment to the merchant, we believe that there will be a fast growth in merchant acquirement. This lack of guarantee was also the reason why US merchants never shipped outside of the US. But now, that will also change,” he says.

Both Visa and MasterCard have two separate authentication programmes that support the 3-D Secure protocol. Visa has been touting its Verified by Visa programme since July last year, while MasterCard has also been talking up its Universal Cardholder Authentication Field (UCAF) programme. Both have been actively promoting their respective security solutions in an attempt to acquire banks and payment gateway solutions providers in the region by asking the banks to incorporate their solutions into their back end systems.

||**||II|~||~||~|Enterprises like E-ventures and ITP that have extended their businesses online welcome the new technology, as it guarantees payment for them. Furthermore, the merchants have to do little to implement the new technology on their systems as the onus of integrating this technology into back end systems rests with payment gateway solution providers and the acquiring and issuing banks. The one question that remains, however, is whether or not the solution providers will be ready by April 1.

Emirates Bank Group (EBG) says it is ready for the changeover. “We will enable the programme for our merchants from the day the law shifts,” confirms Mohammed Aljallaf, senior manager, electronic banking service, Emirates Bank Group.

Comtrust, Etisalat’s e-commerce subsidiary, is also expected to offer a 3-D solution, but details of the payment gateway provider’s 3-D readiness were unavailable at the time of going to press.

However, whether the online payment sectors non-financial entities are ready or not is, to some extent, irrelevant, as banks would appear to have a distinct advantage over other online payment providers.

“Other companies in the region offer only the payment gateway and then tie up with banks to complete the solution. As a merchant, you then have to sign two contracts — one with a bank and one with the payment gateway provider. So, in the event of a dispute, you have to deal with both parties. With EBI, a merchant signs only one contract,” says Aljallaf. “When he wants to add something extra, the procedure to talk and implement solutions becomes easier when there is only one party involved,” he adds.

EBI has taken full advantage of this position by signing up a number of high profile merchants, such as Showtime and ITP, already. “When a merchant comes to us for a solution, we look at their business proposition, their readiness to go online [and] potential risks. If all is well, enabling a merchant payment gateway is quite easy. We just give the merchant a java applet and a technical document. All he has to do is click on it and set the parameters. Moreover, the two common platforms used here are Unix based platforms or Microsoft — our application works with both as it is platform independent,” he explains.
However, EBI does not encourage high risk merchants to go online. “We don’t offer payment gateways to potential high risk businesses that sell electronic goods and jewellery,” admits Aljallaf.

As a result, the bank has only experienced a fraud rate of between 2 and 5%. Now, with 3-D Secure, it hopes to eliminate chances of disputed transactions completely. “We will be sending upgrades and patches to our merchants to integrate it with their back end system and then, they will be 3-D secure as well,” confirms Aljallaf.

Despite EBI’s efforts, most organisations in the region with an online payment gateway will not be able to make the April 1 deadline. Kuwait’s Burgan Bank, for instance, will not make it. “But we will be ready by the second quarter of this year,” promises Lamya Altabtebai, general manager, IT & operations, Burgan Bank. “However, nobody else in Kuwait is ready either,” she adds.

||**||III|~||~||~|There are several issues for payment gateway solution providers such as Burgan Bank to address when integrating 3-D secure with their backend systems. For one, it requires integration with their card system and infrastructure.

They need to study the impact of the new technology on their back end systems, what interfaces are to be built and how to create better customer awareness. More importantly, they need to devise a communication system that will accept the continuous forward and backward flow of information.

“We have to ensure that the system does this back and forth communication within a good timeframe and that it does it efficiently and securely as well,” says Altabtebai.

“Also, we are expecting our cardholders to forget their passwords. So we have to come up with a good and efficient system that will enable them to re-authenticate themselves,” she adds, justifying the time delay.

The bank is taking its time with its solutions and moving slowly but steadily through the market. When the finance house decided to get an online payment gateway developed by e-payment solutions provider, ACI Worldwide, it looked for a solution that would be appropriate to the region.

“Our research showed us that the ratio of debit card to credit card is ten to one,” says Altabtebai. “So we wanted an online payment system that would also accept payments via the ATM cards, not just credit cards. This was the first time ACI developed a solution like this, as they were not convinced that it was that important. But now, ACI is rolling it out as a standard feature with its online payment gateway solutions in the region because it realised that the region requires it,” she adds.

Altabtebai says the bank has not had any cases of fraud so far. “Using ATM PINs is common here in Kuwait and we have never had problems before. We are aware of security issues and we are well prepared,” she adds.

Burgan’s payment gateway, called BeeClear, is now being used by several merchants in Kuwait to enable online payment facilities on their site. Kuwait University (KU) is one organisation that has already benefited from Burgan’s choice of payment gateway. KU had overhauled its entire registration process, but students were still expected to physically go to the university to pay in cash and complete the registration process. This defeated the whole purpose of having a system online. Moreover, most students only have ATM cards because they are not eligible for credit cards. “Now, when a student pays online, two systems get updated and that is again unique,” says Altabtebai.

“The first is where the student’s money is transferred from his account with our bank to KU, and second, where the university’s database system records that the student has paid and completes the registration process.”

The solution was easy to implement on the end user’s side. Like Emirates Bank, Burgan Bank has a simple solution for e-merchants and other end users that want to use its e-payment gateway.

“We just send the merchant a plug-in by e-mail. They can install that and then they are done. It is very user friendly, and it shouldn’t take more than a day if they have their web site in order and the shopping cart software,” explains Altabtebai.

The reason why most merchants do not require any complicated integration of hardware or software in the region is because the market is fairly new and systems are usually not more than half a decade old.

||**||IV|~||~||~|In the case of online credit card transactions, no credit card numbers or client data are stored on the merchant’s site. When a customer clicks on pay at the point of online transaction, they are immediately directed to the bank’s secure page. As a result, the information cannot be compromised at the merchant’s end. To ensure this, all cardholders are encouraged to look out for the padlock on the secure page.

Merchants, however, will benefit the most from this new system of payment as they have been victims of fraud in the past. E-ventures, which developed web sites like Emiratesairline.com, Marhabaservices.com and mytravelchannel.com, could not afford the risk. So it resorted to a payment system that, at some point, required offline authentication. “Customers have to sign a point of sale form, which Emirates Airlines uses as a document,” says E-ventures’ Lewis.

Owing to the huge risk and expensive transaction fees on home ground, the company looked for an online payment solution abroad. “We went to a company called TrustMarque for an e-payment solution for mytravelchannel.com. This solution has been programmed into the system to accept online transactions for booking flights,” says Lewis.

Their choice of a web payment management system was based on three factors. That it was “easy to integrate with, that had a multi-currency web site and that there was appropriate risk management,” says Lewis. “For instance, it allows us to configure the parameters of the payment gateway. If you come to MSNArabia, for instance, and try to do business in Africa with a card from the US, while you live somewhere else, we know that there is a risk. And with this payment gateway system, each organisation can decide for itself about how much risk is too much. We therefore can configure the system saying, if the risk is greater than 20%, call the call centre.”

Likewise, for an airline with customers from all over the world, multi-currency was an important consideration. “When I go to Amazon.com, for instance, and shop online, I have to purchase in dollars. That’s the hitch because the hidden cost of conversion rates shows only on my credit card. So, we have a system that can support 50 currencies although only seven are operational. We want to give our customers the choice of paying in their own currency so that they don’t pay more,” says David Robertson, business development manager at E-ventures.

Online transaction fees are fairly expensive for a merchant. “The bank charges Dhs2 per transaction, Visa charges 2.3% if it is their card and MasterCard charges 2.5%,” explains Conmy. Despite these additional charges, tickets are priced lower on itptickets.com than offline. “Online, people usually buy when they see something they like and they buy it early,” explains Conmy. So, it’s worth it, especially because many people book in advance and you get that money early in the bank,” he adds.

ITP’s e-commerce policy has clearly worked. The company has generated more than $180,000 from online ticket sales on itptickets.com in a span of just seven months. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code