Oakville, Ont.-based InternetSecure offers a service that requires card holders to enter a PIN (personal information number) at the same time as they make an online purchase. The thinking behind the service is that shoppers feel more confident that their card numbers are protected from would-be hackers and that merchants are assured that the shoppers are genuine.
MasterCard is branding the service “SecureCode” for its card holders.
“It’s a way to secure the online space so that the issuer knows that this is indeed the actual cardholder engaging in the transaction and provides the merchant that the guarantee that is enjoyed by other retailers in the face-to-face environment,” said Don Lebeuf, vice-president of acquirer relations for MasterCard Canada.
Credit card transactions in brick-and-mortar stores are protected by a series of procedures that include the card holder’s actual signature, he added. In the case of online transactions, a PIN acts as a digital signature.
“If it’s a SecureCode-authenticated transaction, the merchant is protected from chargebacks,” he said. “It’s authenticated in a PIN-like environment where the cardholder has been validated, so the merchant is not held liable.”
In the past, online merchants may have become victim to chargeback schemes, he explained, where unscrupulous shoppers claim that a transaction was made without their consent, even though they were responsible for the purchase.
“What it prevents is people saying, ‘It wasn’t me, I didn’t do it,’” added Mia Huntington, director of business development for InternetSecure.
More than 2,200 Canadian merchants currently use an InternetSecure service, which is already available from a number of other credit card companies, including Visa and American Express. The largest participating merchant is Air Canada. MasterCard issuers that have already signed up for the SecureCode service include Sears Canada and Canadian Tire.
Companies like MasterCard go the lengths to ensure shoppers that the Web is a safe environment in which to make purchases, said Lebeuf.
“They’re worried about having their card compromised . . . but there’s a lack of consumer awareness of what their rights are,” he said, adding that consumers are protected by zero liability whether they’re shopping online or in an actual store location.
The PIN system employed by InternetSecure is completely locked down, said Huntington. The retailer never sees the PIN, nor does InternetSecure. That information is hosted in a MasterCard data centre.
Last year, concerns were raised over credit card safety when it was revealed that as many as 40 million card numbers were at risk due to a hacker attack on third-party payment processor CardSystems Solutions, based in Tuscon, Ariz. Accounts from Visa, MasterCard, American Express and other card companies were deemed to be at risk.
By adding a PIN system to Internet shopping “it’s not even possible for that to happen,” said Huntington.
MasterCard Canada’s agreement with InternetSecure is part of a broader agreement with parent company MasterCard International. On a global basis, 3,000 financial institutions and about 77,000 online merchants are now enrolled in the MasterCard SecureCode program.