Online Gambling: Fighting Chargebacks


Mention the name Tej Kohli on player message boards and there will almost certainly be a reaction…and not always in a positive vein…linking the name with the notorious Virtual online casino group and its alleged bad treatment of online gamblers.
 
This week the name came up in an unexpected context – fighting credit card chargebacks.
 
EFYTimes reported that Kohli, in his capacity as CEO of Grafix Softech, has announced a new product to guard against chargebacks experienced by online casino operators.
 
The report reveals that the Kohli strategy will centre on the use of the 3-D Secure protocol – the same technology used in Verified by Visa and Mastercard’s SecureCode – which adds another layer of security in a CNP (card not present) transaction, ensuring that the real cardholder is the person making the transaction.
 
“Both consumers and merchants in this [online gambling] industry, where sums either spent or paid out can be large and occur with frequency, need utmost confidence that online transactions will be processed safely and efficiently,” Kohli told EFY. “That sense of security will bring in new sales, keep existing customers coming back and, on a concrete level, lower the chargeback fees casinos pay out.”
 
Internet casino operators have reason to fear chargebacks; companies face not only reimbursement of the cost of the credit card charges in a fraudulent transaction, but also a fee from the bank for the trouble endured. Independent estimates claim that 3-D Secure protocols can reduce the amount of fraud by up to 80 percent.
 
“The fact that this solution will be so easy to integrate into an existing payment processing system is a major plus,” Kohli added. “Online gaming has grown so rapidly and, along with it, so has the risk of fraud. We don’t just need to keep pace in this business, we need to stay ahead.”
 
Wikipedia reveals that the basic concept of the protocol is to tie the financial authorisation process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
 
* Acquirer Domain (the merchant and the bank to which money is being paid).
* Issuer Domain (the bank which issued the card being used).
* Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3-D Secure protocol).
 
The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates).
 
The main advantage for cardholders is that there is a decreased risk of other people being able to use their payment cards fraudulently on the Internet.
 
In most current implementations of 3-D Secure, the issuing bank or its ACS provider prompts the buyer for a password that is known only to the bank/ACS provider and the buyer. Since the merchant does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the purchaser is indeed their cardholder. This decreases risk in two ways:
 
1. Copying card details, either by writing down the numbers on the card itself or by way of modified terminals or ATMs, does not result in the ability to purchase over the Internet because of the additional password, which is not stored on or written on the card.
 
2. Since the merchant does not capture the password, there is a reduced risk from security incidents at online merchants; while an incident may still result in hackers obtaining other card details, there is no way for them to get the associated password.
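
The following Python simulation of the separation described above is an added example, not code from the article or from any product it mentions. The class names, the HMAC tag standing in for the issuer's signature on its result, and the card values are assumptions constructed for illustration.

```python
import hashlib, hmac, json, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IssuerACS:
    """Issuer Domain: the only party holding the cardholder's password verifier."""
    def __init__(self):
        self._verifiers = {}        # PAN -> (salt, PBKDF2 hash); no plaintext kept
        self._key = os.urandom(32)  # assumption: HMAC stands in for the ACS signature

    def enrol(self, pan, password):
        salt = os.urandom(16)
        self._verifiers[pan] = (salt, _kdf(password, salt))

    def authenticate(self, pan, txn_id, password):
        """The buyer answers the ACS prompt directly; the merchant is not in this path."""
        salt, expected = self._verifiers.get(pan, (b"", b""))
        ok = hmac.compare_digest(_kdf(password, salt), expected)
        body = json.dumps({"pan": pan, "txn": txn_id, "status": "Y" if ok else "N"},
                          sort_keys=True)
        return {"body": body, "tag": self._tag(body)}

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def verify(self, result):
        """Stand-in for checking the ACS signature on the returned result."""
        return hmac.compare_digest(self._tag(result["body"]), result["tag"])

class Merchant:
    """Acquirer Domain: records card details and the issuer's result, never the password."""
    def __init__(self, verify_result):
        self._verify, self.records = verify_result, []

    def checkout(self, card, txn_id, result):
        # The result must verify AND name this card and this transaction.
        expected = {"pan": card["pan"], "txn": txn_id, "status": "Y"}
        ok = self._verify(result) and json.loads(result["body"]) == expected
        self.records.append({"card": card, "txn": txn_id, "authenticated": ok})
        return ok

def demo():
    acs, card = IssuerACS(), {"pan": "4000000000000002", "expiry": "12/30"}  # constructed
    acs.enrol(card["pan"], "correct horse")
    shop = Merchant(acs.verify)
    genuine = shop.checkout(card, "t1", acs.authenticate(card["pan"], "t1", "correct horse"))
    cloned = shop.checkout(card, "t2", acs.authenticate(card["pan"], "t2", "guess"))
    replayed = shop.checkout(card, "t3", acs.authenticate(card["pan"], "t1", "correct horse"))
    return genuine, cloned, replayed, "correct horse" in json.dumps(shop.records)
```

`demo()` returns whether the genuine purchase, a purchase with copied card details but the wrong password, and a reused result from an earlier transaction were accepted, followed by whether the password appears anywhere in the merchant's stored records.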
 
In spite of the prevalence of password-based implementations, 3-D Secure does not require the use of password authentication, and it is perfectly possible to use it in conjunction with smart card readers, security tokens and the like. These types of devices may provide a better user experience for customers as they free the purchaser from having to use a secure password. Some issuers are now using such devices as part of the Chip Authentication Program or Dynamic Passcode Authentication schemes.