• Motorburn
      Because cars are gadgets
    • Gearburn
      Incisive reviews for the gadget obsessed
    • Ventureburn
      Startup news for emerging markets
    • Jobsburn
      Digital industry jobs for the anti 9 to 5!

Exclusive: storm set to erupt between SA ecommerce players, banks

A major storm looks set to rock the South African online scene as some of the country’s largest ecommerce players square up against its biggest banking powers over online fraud detection.

The heads of companies including Groupon South Africa, Takealot and uAfrica have formed an alliance expressing opposition to a new regulation which forces them and most other ecommerce players in South Africa to use the 3D Secure (Verified by Visa and MasterCard SecureCode) fraud detection system.

The ecommerce players, which have come together under the banner of Opposition to Credit Card Fraud Alliance (OCFA), insists that 3D Secure could “inflict irrevocable harm to the local industry”.

The system, developed by Visa with the intention of improving the security of internet payments, has actually been around for a little while, but it’s only recently that South African banks have started insisting that online merchants who have accounts with them actually use it. They reckon that implementing it will help reduce credit card fraud in the country, especially if everyone is required to use it.

At face value it seems like they’re on to something too. In most current implementations of 3D Secure, the bank prompts the buyer for a password that is known only to the bank and the buyer. Since the seller does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the person buying goods, from an ecommerce site for instance is indeed their card holder.

But OCFA believes that enforcing the system could see some ecommerce merchants taking a serious dip in sales for a number of reasons, including the fact that 3D Secure doesn’t recognise some credit cards, and also doesn’t work well on mobile, a space where an increasing number of online purchases are taking place.

A massive sales drop

In fact, a number of the websites that Memeburn spoke to in researching the alliances claims reported revenue drop-offs of between 40 and 60 percent when they implemented the system.

“It was just a pain from the start. At UbuntuDeal we had a 50% drop off when people got to the 3D Secure step,” Jess Green told us in reference to the group-buying site he founded which was bought by Bidorbuy in early 2011.

Moreover, the group claims that by enforcing the fraud detection system, the banks would effectively be giving an unfair advantage to international companies. Jaco Roux, technical director at UAfrica (formerly Jump Shopping and home to the South African ecommerce awards), told us that he knew of very few international sites that require 3D secure and that “local merchants would be significantly disadvantaged” if the banks forced them to use the system.

The alliance points out that some ecommerce outfits would be able to set up bank accounts in countries with banks that don’t require their customers to use 3D Secure (hurting the local economy in the process). It claims however that a large number of companies, especially startups and other small operators, would no longer be able to compete.

“It’s obviously not ideal for something to have such a massive impact, especially on a business that’s just getting off the ground,” Green told us. “The ecommerce space in South Africa is still pretty young and you want it to grow but this isn’t helping”.

The banks however insist that 3D Secure is the best solution for tackling online credit card fraud. According to Jacques Celliers, currently the CEO of FNB Business Banking, making the system compulsory will “further enhance capabilities aimed at protecting cardholders’ data”.

‘Sufficient time’ has passed for everyone to be ready

Celliers, who will take over from current FNB CEO and avid tweeter Michael Jordaan at the end of 2013, insists that the country’s ecommerce merchants have had more than enough time get ready for the new system:

“The solution has been enabled for a number of years now allowing sufficient time for all parties to have their operations aligned and for customers to have become familiar with, both the registration processes that each of their banks offer, as well as the actual online shopping verification processes”.

But in a letter addressed to the Payments Association of South Africa (PASA), which is responsible for managing the various payments systems used in the country OCFA, lists the fact that education around 3D Secure, particularly among the general public, “remains at a very low level” as a barrier to its implementation.

The alliance also doesn’t buy the idea that 3D Secure is the best solution for preventing online fraud. In fact, its members believe that the bigger ecommerce players have already shown that their best chance of success is in building their own products.

That’s something that Green definitely agrees with. “We could have done better without using 3D Secure. There are a number of red flags that the owner of an ecommerce site could easily pick up on their own when it comes to detecting fraud,” he said.

OCFA says that its preferred solution would be for them to present their argument to the banks and convince them that rolling out 3D Secure, in its current form at least, isn’t a viable option.

That line is echoed by Groupon South Africa CEO Daniel Guasco, who told us that his company has “robust internal fraud procedures that protect our customers”.

“With these in place”, he said, “we feel we have the time to ensure any industry-wide change is made with best possible outcome for our users, partners and industry. While we agree with measures that further protect our customers these need to be implemented in a timely manner, after robust consultation ensuring user experience is in no way jeopardised and proven both locally and internationally”.

“If the banks want to to have something extra, that’s fine but they should sit down with us and discuss what the best solution is,” Green added.

That however doesn’t seem likely, especially if they engage with individual banks.

According to Celliers:

“While we always listen to suggestions and try assist retailers as much as possible to deal with changes, FNB is unfortunately not in a position to go against industry mandated rules, and take matters that affect the security of card holder data very seriously”.

It’s also unlikely that the alliance’s suggestion that the banks treat the ecommerce merchants on a case by basis, only enforcing 3D Secure at companies with serious fraud problems, will go through either.

“It is important to note that all companies are vulnerable to fraudulent activities no matter how good their controls are,” Celliers told us. “At FNB we will always work as hard as possible to ensure that none of our merchants or cardholders are left vulnerable because a part of the value chain is not yet aligned to industry best practice.”

If these actions don’t succeed however, OCFA claims that it is willing to go to the competition commission. It would be able to do so, it says, because implementing 3D Secure means that people with Diners Club and American Express cards would, for instance not be verified, “defeating the purpose of implementing 3D secure”. It also notes that FNB’s own PayPal service does not make use of 3D Secure. If the system were implemented therefore, the banking giant could stand to gain a serious advantage in the online payments game. But it would be down to the commission to declare whether or not that advantage was legitimate.

It seems however that the alliance genuinely does not want to have to take matters that far and believes that “some relatively minor changes that can be made that would go a long way to preserving the local industry while still addressing the major issues around credit card fraud”.

The letter, sent out today, follows below:

5th August 2013

OCFA (Opposition to Credit Card Fraud Alliance)

Payments Association of South Africa (PASA)

Re: Industry Opposition to Compulsory use of 3D Secure for all online credit card transactions

As stakeholders in the South African eCommerce industry, the Opposition to Credit Card Fraud Alliance (OCFA), has the best interests of the local industry at heart. This includes improving the perception of transacting online amongst consumers, the growth and development of the industry as well as the prevention of fraud.

As such we would like to express our serious concern over the proposed blanket requirement for all merchants using South African acquiring banks to have 3D Secure (Verified by Visa and MasterCard SecureCode) imposed upon their customers for every online credit card transaction.

While we support any measures aimed at reducing online fraud, this cannot be at the expense of inflicting irrevocable harm to the local industry, which we believe will be the case if 3D Secure is imposed across all transactions in its current form. The reasons for our concern include:

  • There are still a large number of credit cards that technically cannot enroll for 3D Secure. As an example corporate cards do not have this requirement.
  • Education by the general public of 3D Secure remains at a very low level.
  • In general, the user experience when signing up and transacting through the web interfaces for 3D Secure is poor.
  • 3D Secure is not able to differentiate between auth and settle. Online auction companies and group buying websites do not settle all payments as either the tipping point or the minimum bid is not achieved. In both cases these types of businesses would not be able to function should 3D Secure be mandated.
  • Existing merchants that have turned on 3D Secure in a blanket fashion have experienced a significant drop off in the number of successful transactions.
  • Not all card associations implement 3D Secure e.g. American Express and Diners Club transactions would not be verified.
  • Many local merchants have invested heavily in their own in-house fraud detection systems, which are more efficient and effective than 3D Secure.
  • eCommerce companies are seeing increased usage in mobile devices on which 3D Secure does not work seamlessly across mobile applications.
  • If a blanket use of 3D Secure is enforced in its current form, it is likely to result in some of the larger local merchants moving their acquiring services to International banks that do not have this requirement thereby harming the local economy and industry overall.
  • For those local merchants that do not move their business internationally, they will be prejudiced as International merchants will have an unfair advantage by not requiring their customers to make use of 3D Secure.

We welcome the opportunity to engage with the relevant industry bodies and banks to discuss this matter further. We believe there are some relatively minor changes that can be made that would go a long way to preserving the local industry while still addressing the major issues around credit card fraud.

Yours faithfully.

Please direct all correspondence for the OCFA to ocfa@uafrica.com

Members of OCFA

Daniel Guasco
CEOGroupon South Africa

Jaco Roux
Director uAfrica.com

Matthew Swart
CEO SafariNow.com

Gary Altini

Gary Hadfield
CEO Loot.co.za

Ryan Bacher
CEO Netflorist

Justin Drennan
CEO Wantitall.co.za

Andrew Smith
Managing Director Yuppiechef.com

Michelle Kleu
Country Manager South Africa Travelstart.co.za

Carey van Vlaanderen
CEO 4D Innovations Group (Pty) Ltd t/a ESET Southern Africa

Jess Green
CEO Perk.com

Alexandra Fraser
Silicon Cape Siliconcape.com

Julia Raphaely
Managing Director Associated Media Publishing

Christy Turner
Managing Director Webtickets.co.za

Sylvia Gruber
CEO Rubybox.co.za

Luke Jedeikin
Managing Director Citymob.co.za

Charl Norman
Founder Onnet.co.za

Rob Stokes
CEO Quirk.co.za

Brett Commaille
CEO Angelhub

Rob Gilmour
CEO RSAweb.co.za

Alistair Capon
CEO LingerieLetters.co.za

Christophe Viarnaud
Managing Director Methys Group

Sebastien Lacour
Managing Director Powertime.co.za

Karl Hammerschmidt
Managing Director Runwaysale.co.za

Joe Botha
CEO Gustpay.com

Paul Cook
CEO Healthcart.co.za

Manuel Koser
Founding Partner Silvertree Capital

Image: Bigstock

Author | Stuart Thomas

Stuart Thomas
Stuart is the editor-in-chief of Engage Me Online. After pursuing an MA in South African literature, he spent five years reporting on the global technology scene. Intrigued by the intersection of technology and work, he joined Engage Me as the editor-in-chief. He is a passionate runner, and recently ran... More
  • v_3

    Judging by the foul-up FNB have made of their online banking upgrade, I would not put too much weight upon what their nabobs have to say about online payments.

  • Kelvin

    All the restrictions and regulations do is either kill tech companies (especially the small ones) or force them out of the country to places where it’s easier to get things done. This hurts the economy. So to protect the economy they implement more laws and regulations which then kills freedom of trade and hurts the economy even more.

    Rather than creating an inviting environment where companies and wealthy individuals want to be and invest their money, they try and use force. How is that a longterm solution? The money won’t even land up in SA in the first place if they carry on this way as big earners, and potentially big earners (both companies and individuals), will simply go earn the money elsewhere.

  • Gerhard Oosthuizen

    In it’s current form, 3D Secure solutions are a real threat for online merchants. A large number of potential shoppers abandon the transaction at the last moment and the deal is never done. Imagine 50% of customers walking out of a Pick ‘n pay or Woollies, leaving their full trolleys in the isles. And simply because their credit cards don’t work in a way that makes them feel secure.

    So why does this happen online, but not in the real world? Yes, customers are more comfortable when they can physically hold their goods before they pay for it. But the way the 3D Secure solution has been implemented is definitely an aggravating factor. Customers are comfortable to transact using their Credit/Debit Card and PIN at a Point of Sale. Yet when some random web page pops up with different branding during the transaction, claiming to be your bank, you can understand that the experience may make some feel uncomfortable.

    If a secure consistent experience could be created at the electronic checkout the cardholder will actually be able to transact with more confidence. The good news is that this is possible. The 3D secure protocol does not define the user experience .The implementation could be made a lot more user friendly and convenient, while still being as secure (and still being 3D secure compliant).

    Luckily banks a number of banks and merchants are starting to realize this and looking for alternatives.

  • Sonny Fisher

    There is a better way. It is secure, fast and easy.

    Check out http://www.mahala.us

  • Dave Baker

    Kelvin and Gerhard – I agree with a lot of what you blokes say certainly from the merchant perspective

    However from a customer perspective I do some some merit
    a) I have VISA Cards (A corp and a personal one actually)
    b) When I first encountered it I was nervous but I grew to trust it
    c) Every time I encounter 3D Secure I believe I get a pretty consistent UI
    d) I now am happier when I buy through a 3D site

    BUT it is not much protection if 80% of the sites dont protect one.
    I have had my credit card number nicked a few times. Each time it has been used to buy airline tickets
    I got the money back (after some effort) but each time I had to cancel my credit card which causes huge frustration with my subscription management (all my monthly credit card payments)

    The sites that cause the most trouble are the sites whereby less tangible goods can be on-sold and converted into cash eg airtickets, airtime, vouchers etc

    I would be happy with a selective approach

  • Roger

    An even better way would be to just use bitCoin… bypass the banks completely.

  • Dave Baker

    Might work well but until it is ubiquitious and trusted it aint much good

  • sean

    Personally, I’d much prefer to use a site that has 3D secure, than one that doesn’t. I don’t see the drop-off as a permanent problem. Once people understand this is more secure, the will be back. It’s about the merchants being part of that education process, instead of whining – their concerns are completely about their own bottom line – not what’s best for the customer.

  • Kelvin

    Hi Sean. Do you by any chance run an e-commerce site?

    I see your point of view. I don’t have any issues with it either. But you must understand that it in no way represents the majority.

    The problem is that most people when confronted with any form of friction simply give up and move on. Many consumers trying out the e-commerce space are really not at all tech savvy. So it really doesn’t benefit them to be honest. We run an e-commerce site and know from experience when introducing the slightest form of friction that people get pissed off and move on. So, it’s not really about only our bottom line. It’s something that effects both the merchant and the consumer.

  • Kelvin

    In the end e-commerce businesses are just like any other business. They have expenses and operational costs and often have extremely slim margins. If any business were to take a 50% knock in sales it would likely result in them having to close their doors. It would definitely be the case for us.

    So it’s not a case of downgrading lifestyle from driving an Aston Martin to an Audi. It’s really the difference between being able to continue offering a product or service and employment VS closing down.

    Now I agree that the merchants could and should take on the responsibility of educating their customers. But once again, from experience, this is an expensive and time consuming endeavour. It wouldn’t take less than a number of months. Considering we would be possibly be out of business in 2 it’s not really a solution. Clearly the banks, with infinitely greater resources, have already failed to do the educating. It’s also not an option to approach our employees and suppliers and say, “Hey guys listen, we’re educating our customers for the next 5 months so you suppliers are going to have to give us 50% off and you employees are going to need to take a 50% pay cut until sales are back to normal.”

    This is what would be the best solution… mandated 3D secure with intelligent routing. What I mean by that is that it only forces customers through 3D secure if they’ve taken the time to set it up on their cards previously. If a card hasn’t been set up for 3D secure (or doesn’t support it) then it skips the 3D secure route. That will then give people such as Dave Baker security (at least for SA websites) and not piss everyone else off forcing them to purchase from international competitors. But keep in mind that the internet is an international market. If your card details are compromised fraudsters will simply use it on international sites and avoid SA sites altogether.

  • Pingback: Storm Set to Erupt Between SA e-Commerce Players, Banks | Payments Afrika()

  • Jeremy Dixon

    Wouldn’t it be possible for the banks to give you a 3D secure pin when they supply the card and leave it up to the user to change it? Kind of like the way they give you a pin when you get a new card?

More in Ecommerce

PayPal Galactic: is the move into space payments smart or just plain crazy?

Read More »