Online credit card payment "arcot" verification? is this legit?

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Online credit card payment "arcot" verification? is this legit?

1 | 2

richms

28191 posts

Uber Geek

Trusted

Lifetime subscriber

#2278792 18-Jul-2019 11:24

Especially when the web design looks like it was done in the 1990s by an intern with html for dummies book.

This is just so fraud looking and the fact that idiots at banks cant see that this is training users to enter details into sites which is what they tell people not to do is amazing. Just yet another reason that the whole piece of plastic with numbers on it for online payments is the most idiotic thing ever. But until the banks are hit rather than the merchants they have no reason to care about it.

Richard rich.ms

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#2279470 19-Jul-2019 10:03

richms:

Especially when the web design looks like it was done in the 1990s by an intern with html for dummies book.

This is just so fraud looking and the fact that idiots at banks cant see that this is training users to enter details into sites which is what they tell people not to do is amazing. Just yet another reason that the whole piece of plastic with numbers on it for online payments is the most idiotic thing ever. But until the banks are hit rather than the merchants they have no reason to care about it.

The banks are hit rather than the merchants. If a merchant attempts 3DSecure authentication (Verified by Visa or Mastercard SecureCode) the liability for fraud shifts from the merchant to the issuing bank. Merchants are incentivised to support it because even if the card doesn't support it, the merchant is indemnified against chargebacks for unauthorised transactions.

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#2279471 19-Jul-2019 10:06

freitasm: Problem is that is not the Visa or bank domain so it looks like phishing. So badly done, it is stupid.

At the very least, it should present you a piece of information that only you and your bank would know, and provide you some sort of reference to call your bank to verify with.

Some banks that have a challenge picture during online banking logon for example display the same challenge picture during the 3DSecure flow.

jarledb

Webhead
3257 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2279920 20-Jul-2019 00:35

Kyanar:

Merchants are incentivised to support it because even if the card doesn't support it, the merchant is indemnified against chargebacks for unauthorised transactions.

Pretty sure there is no difference to the ability to issue a chargeback when authorising a payment with 3Dsecure.

But perhaps thats not what you meant?

Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#2280952 21-Jul-2019 20:20

jarledb:

Pretty sure there is no difference to the ability to issue a chargeback when authorising a payment with 3Dsecure.

But perhaps thats not what you meant?

No, that's exactly what I meant. If 3DSecure is attempted, Liability Shift is in effect and the transaction cannot be charged back for unauthorised use of card (or if the cardholder does charge it back, the issuing bank must eat the charge - the merchant cannot be charged back).

KiwiSurfer

1456 posts

Uber Geek

ID Verified

Lifetime subscriber

#2281014 21-Jul-2019 21:54

KiwiBank (or in reality whatever company they use to manage their equivalent system) presents a page from a securesite.co.uk domain (IIRC). Have seen it a few times for a couple of seconds and it has always simply redirected back to to the merchant or payment provider's site. The design is very simple and not even close to Kiwibank's usual style so I guess it's a white label thingy with the Kiwibank logo dropped in. The Kiwibank logo lends some legibility to it, but barely.

My worry is that it could be easy enough for a scammer with enough time on his hands to develop a system to do a lookup of a card BIN number and generate a page with the corresponding bank's logo and name and use that to capture extra info about the card...

richms

28191 posts

Uber Geek

Trusted

Lifetime subscriber

#2281024 21-Jul-2019 22:56

KiwiSurfer:

KiwiBank (or in reality whatever company they use to manage their equivalent system) presents a page from a securesite.co.uk domain (IIRC). Have seen it a few times for a couple of seconds and it has always simply redirected back to to the merchant or payment provider's site. The design is very simple and not even close to Kiwibank's usual style so I guess it's a white label thingy with the Kiwibank logo dropped in. The Kiwibank logo lends some legibility to it, but barely.

My worry is that it could be easy enough for a scammer with enough time on his hands to develop a system to do a lookup of a card BIN number and generate a page with the corresponding bank's logo and name and use that to capture extra info about the card...

Yeah, they should at least use a subdomain of the real bank instead of the uk securesite one on all cards. Even then it still looks suspitious. The best one I have had has been on gem visa where instead of asking you crap it just sends a code that you put in by SMS. Annoying in that they do that thing businesses do in assuming that people only have a single phone number that they always have on them when they want to buy things but better than asking crap I have no idea about like my limit on the card.

Surely they could say something like "go and log into internet banking as you normally do and authorize this transaction" or similar.

Richard rich.ms

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

boosacnoodle

963 posts

Ultimate Geek

#2281030 22-Jul-2019 00:07

Amex does it pretty well. Code sent to your email & SMS (your choice) and partially shown on screen, with your card number & purchase price also shown.

jarledb

Webhead
3257 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2281031 22-Jul-2019 01:42

Kyanar:

No, that's exactly what I meant. If 3DSecure is attempted, Liability Shift is in effect and the transaction cannot be charged back for unauthorised use of card (or if the cardholder does charge it back, the issuing bank must eat the charge - the merchant cannot be charged back).

Would you mind giving a source for that claim?

This is what Stripe writes about 3Dsecure and chargebacks. They do cover fraud and claims that transactions were fraudelent, but not regular chargebacks.

Should a customer dispute a payment for any other reason (e.g., product not received), then the standard dispute process applies. As such, you should make the appropriate decisions regarding your business and how you manage disputes, if they occur, and how to avoid them completely.

Source: Stripe

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#2281662 22-Jul-2019 18:48

jarledb:

Would you mind giving a source for that claim?

This is what Stripe writes about 3Dsecure and chargebacks. They do cover fraud and claims that transactions were fraudelent, but not regular chargebacks.

Should a customer dispute a payment for any other reason (e.g., product not received), then the standard dispute process applies. As such, you should make the appropriate decisions regarding your business and how you manage disputes, if they occur, and how to avoid them completely.

Source: Stripe

The source is your merchant agreement, or in the case of Stripe the rest of the page you left out of the quote.

1 | 2