The Prudential's direct banking subsidiary Egg is to be the first UK bank to implement Visa's 3 Domain SET security programme for online card payments.
Egg says it will implement the 3 Domain model as part of the roll-out of the Egg Wallet, a managed e-wallet service developed by UK-based payments start-up Earthport.
The Visa 3 Domain model is a stripped down version of the Secure Electronic Transaction standard (SET) which was introduced by the payment card companies in a bid to improve security in online shopping. The updated programme is based on securing the three information flows (or domains) required in a card payment transaction; between the cardholder and their issuing bank; between the retailer and their acquiring bank; and between the issuing and acquiring banks themselves. On the consumer side, cardholders are provided with an 'electronic wallet' that is pre-populated with their card payment details, and contact details.
When a cardholder is about to make a purchase online, they will receive a message from their bank asking them to confirm their identity - likely through a password. The bank will then contact the retailer's bank and advise them that the payment is authorised. The retailer will only need to be provided with the cardholder's shipping details, not their payment card details.
Andy Thompson, director of transaction business at Egg, says: "Egg has a provisional agreement for 500,000 Visa SET-enabled wallets. The way the Visa e-commerce security programme works means that SET is now very easy to use as all the checking and encryption work is carried out centrally making it very customer friendly - exactly the type of product which fits with the services that Egg offers. Earthport's system, as used by Egg, has been built in the spirit of SET since it protects both Egg Shop customers and Egg Shop merchants against Internet fraud."
Sandra Alzetta, senior vice president of Virtual Visa, adds: "Studies show that the major reason most consumers are not shopping online is that they are concerned about using their payment cards. This concern cannot be really addressed until cardholders and merchants have to perform some sort of security or authentication test - just like you do when banking online."
Visa's European banks have committed to implementing 3Domain SET across Europe by October 2001. As part of the switch, Visa has changed the rules regarding liability for disputed transactions in card not present environments over the Internet. From June 2001, any Visa retailer who has fully implemented authentication services that comply with the 3D programme will no longer be liable for disputed transactions, with the shift in liability for these disputed transactions moving to the card issuing bank.