A questionnaire was carried out on the Actinic Community forum (another thread), and also among Actinic UK staff. A total of 51 people took part. I am posting the results as promised:

• 47% (24) didn’t have a Maestro card
• 24% (12) had a Maestro card but didn’t use online (usual reason because always use a credit rather than debit card for greater protection)
• 29% (15) had a Maestro card and used it online

Of those that had a Maestro card and used it online:
• 29% (5) say they never remember being asked for a password (i.e. Mastercard Securecode) * see below
• 71% (12) say that they have been asked for a password

Of those that have been asked for a password:
• 40% (4) said they were asked every time
• 30% (3) said half or more times but not every time
• 30% (3) said they were asked occasionally

Everybody except one person who had a Maestro card and answered the relevant question said that they knew what 3D secure was, although as everyone is involved in ecommerce you might expect that.

* One important comment was made that First Direct - i.e. HSBC haven't yet implemented 3D Secure for Maestro. However, a search on the HSBC web site suggest that they have as you can register your password for Maestro there.

Conclusion

From this research, 8% (29% x 29%) of the UK population may have a Maestro card, use it online, but not have experienced 3D Secure. Some of these may already be aware of 3D Secure and it may not be a problem.

Chris

Hmmmm

OK interesting facts, small sample group so a little gestermation involved but that cant be helped. So come on then Chris what ya up to

One important comment was made that First Direct - i.e. HSBC haven't yet implemented 3D Secure for Maestro. However, a search on the HSBC web site suggest that they have as you can register your password for Maestro there.If this is the case - why have I never been asked either to register or to input a password when shopping with my Maestro card online?

> Chris what ya up to

As you know, 3D Secure (Mastercard Securecode) is officially 100% compulsory with Maestro.

Some banks have just started rejecting settlements (after allowing authorisation) if a Maestro card payment hasn't been taken using 3D Secure. As a result we are in discussions with Creditcall about automatically making 3D Secure compulsory for Maestro. After all, we all (merchant, Actinic and Creditcall) have a big problem if authorised payments don't get settled. This approach would still leave the merchant able to decide on 3D acceptance with other card types.

My belief was that not that many people were being asked for 3D Secure with Maestro. The survey seems to say differently.

Chris

> If this is the case - why have I never been asked either to register or to input a password when shopping with my Maestro card online?

Fair question, Jules. The short answerr is that I don't know - presumably HSBC aren't enforcing 3D Secure yet. However, if you go to www.hsbc.co.uk, then search for "Maestro shopping online", click on "Debit cards Maestro and Solo", and then on the resulting page click on "Debit card security", you will see that they are promoting 3D Secure.

If you go to www.mastercard.co.uk, then there's plenty of information on Mastercard Securecode (3D Secure) but I couldn't find a statement that it's compulsory for online purchases using Maestro.


Chris

>
Some banks have just started rejecting settlements (after allowing authorisation) if a Maestro card payment hasn't been taken using 3D Secure. As a result we are in discussions with Creditcall about automatically making 3D Secure compulsory for Maestro.



Hmm ok this is a concern to me and probably many others, so is it my responsibility to check the batch settlements everyday to make sure they have been processed. Will my merchant services tell me (streamline) if they reject one? :mad:

My understanding is that if 3D is made compulsory for Maestro, then it has to be for Visa and Mastercard too. Maybe this varies between PSPs.

> My understanding is that if 3D is made compulsory for Maestro, then it has to be for Visa and Mastercard too. Maybe this varies between PSPs.

I believe that it is a feature of the PSP. We are looking to allow it to be different for Actinic Payments i.e. Maestro 3D Secure on, others off or on.

3D Secure is officially already compulsory for Maestro. Here is the banking systems's official policy statement, which has been passed to me.

"That mandate is any merchant trading via the internet and accepting Maestro needs to :

- Remove the Switch Logo and show the Maestro Logo

- By showing the Maestro logo the merchant must be able to accept International and Domestic Maestro cards the Maestro transaction MUST undertake the 3DS process

- International Maestro cards MUST be fully authenticated prior to proceeding to auth and Settlement

- Domestic Maestro cards merely need the merchant to attempt authentication

This finally nails the difference between International and Domestic Maestro, which I hadn't previously properly understood. The rules say you have to attempt 3D Secure with both, but you must actually pass 3D Secure to take an International Maestro payment.

Here is what Barclays have said:

"All merchants should now be compliant. If they are accepting Maestro they should be using Securecode. If they do not want to implement Securecode, the only other option available to them to mitigate the risk of fines is to switch off Maestro acceptance. All merchants’ procedure guides and terms and conditions have been updated to reflect that this is mandatory".

The rules are clear (I suspect that they are already in the small point of everyone with merchant status), but it appears that enforcement has been patchy up until this point. What we are seeing is the start of formal enforcement, and we are trying to find the best way forward.

Chris

The rules are clear and I'm quite surprised Actinic Payments haven't been enforcing them on their side. I guess the non-settlement is a way of saying 'if you don't abide by the rules you don't get paid'.

The banks are also forcing securecode on people. I have an HSBC Maestro card and they've been forcing signup by users since well over a year ago (or something like that, it was certainly a long time ago). All I can think of is that maybe Jules hasn't used her card on a site that is using 3d secure.

I'll certainly be glad when all websites use 3d secure. At least that will stop customers getting confused when they see it and the complaints about other sites not requiring it.

Mike

All I can think of is that maybe Jules hasn't used her card on a site that is using 3d secure.

indeed...perhaps she isn't! :D

I think the point is that ANY and ALL sites accepting maestro should be using 3d secure though.
Interestingly, I paid for my car tax online last week with my Maestro card (rarely used), through DVLA, and wasn't asked for 3d/securecode confirmation.

I agree that it'll be far easier when EVERYONE has to use it everywhere though. When it's compulsory everywhere online, it will cause a lot less hassle.

There are still so many people who don't even know what it is though and they see it is something to be suspicious of rather than something to protect them.

I think banks and card companies have a lot to answer for regarding this. They NEED to be more proactive in letting every single customer know about it.

Chris

Excellent solution. I see this as one of the great benefits of AP is that it is closely tied to the main development side. Because of the single sign up to 3d secure which would effect Mastercard and Visa we would prefer not to offer Maestro to meet the requirements than impact these other 2 main stream cards. Talking to other companies and customers then we may see drop out rates of nearly 30% because people hate 3d secure so much and can't remember pin numbers or have had problems subscribing to it. This way we limit that 30% drop rate to Maestro.

David

Chris

Excellent solution. I see this as one of the great benefits of AP is that it is closely tied to the main development side. Because of the single sign up to 3d secure which would effect Mastercard and Visa we would prefer not to offer Maestro to meet the requirements than impact these other 2 main stream cards. Talking to other companies and customers then we may see drop out rates of nearly 30% because people hate 3d secure so much and can't remember pin numbers or have had problems subscribing to it. This way we limit that 30% drop rate to Maestro.

David

I think your missing the point, this will be compulsory on all cards eventually, the same as chip and pin. I have been using it since it came in and i have certainly not seen a drop in sales, if anything they are stronger than ever. 30% is a huge amiount and i doubt it is solely down to 3D

Chris

Because of the single sign up to 3d secure which would effect Mastercard and Visa we would prefer not to offer Maestro to meet the requirements than impact these other 2 main stream cards. Talking to other companies and customers then we may see drop out rates of nearly 30% because people hate 3d secure so much and can't remember pin numbers or have had problems subscribing to it. This way we limit that 30% drop rate to Maestro.

David

We signed up to 3D Secure in June 2007. Since then we have not had even one chargeback. (Prior to that we were getting about £1000 a year's worth of them). We did not notice any drop in conversions as a result of implementing it. We always look at failed transactions and usually find that the genuine customers will try the transaction again shortly afterwards, once they have remembered the password.

When we check failed or abandoned transactions which are not re-attempted, we usually find the order came from Nigeria or Ghana, so it certainly seems to be working as planned as far as we are concerned.

Like all new procedures, public acceptance is slow at first but soon gains momentum as people become familiar with the technology.

Dear Darren

Nope not missing the point about it being implemented eventually. But you have to think of different market sectors. We have not had a chargeback for a number of years so that is not our concern. Some market sectors have customers who are not net savvy and anything getting in the way, such as logins and extra passwords are a real pain. Some of our customers may not shop on many sites, and the more you do I agree the more you get used to 3d secure. What I was agreeing with and applauding was that AP, if it does this, would allow us to manage the integration in our own time and not have it forced on us until WE want to integrate with the cards that we want rather than be dictated to by Maestro.

On a side note, of how switched on people are, we had to talk to our bank the otherday and one of their staff did not have a clue what 3d secure was and why we would want. That is from someone in the industry. It is not out there in the whole of the industry yet and if it was being rolled out in a structured way by the banks I would be more in favour. I am not convinced that the banks know what they are doing, I wouldn't trust them to have small businesses interest held very high, and I wouldn't trust them not to come up with another system as technology changes.

True but 3D is not bank led, it is card issuer led, meastro is mastercard. No disrespect ment to bank staff but all their training focuses on selling products. It is of no interest for the bank staff to understand online card processing.
This is a completley seperate department.

You have valid points, but it is no different to the people that come to me and tell me they dont use chip and pin (well they used to) our answer is - without it you cant buy im affraid. If every etailor took your views then it would take forever to change the system, 3D is coming and the sooner people accept it and use it the better IMHO

presumably HSBC aren't enforcing 3D Secure yet. However, if you go to www.hsbc.co.uk (http://www.hsbc.co.uk), then search for "Maestro shopping online", click on "Debit cards Maestro and Solo", and then on the resulting page click on "Debit card security", you will see that they are promoting 3D Secure.A quick follow up to this - First Direct (part of HSBC) are abandoning Maestro full stop:

"Clause 5.7.3 has been amended to remove reference to MasterCard SecureCode [...] as all new debit cards issued by us from January/February 2009 will be Visa debit cards, rather than Maestro debit cards."

The above is stated in a variation to FD's terms and conditions which I received this morning.

are you still allowed to do telephone orders using maestro?
just tried calling hsbc to find out, i might as well have asked the postman he would probably have given me a better answer

I don't see why you can't take telephone orders using Maestro. 3D Secure shouldn't be enforced on MOTO (mail order/telephone order) payments.

Certainly, in Actinic Payments web orders are handled slightly differently from MOTO ones.

Chris

Just picked up on this thread.

We use HSBC merchant account and you definitely can accept mail order payments without 3DSecure. Card holder should not give you their password!

We have lodged a formal complaint with HSBC about the c**p user education on 3DSecure. I am constantly reminded by HSBC e-payments that we must use 3D for Maestro or face unlimited fines. However I have yet to receive any communication from First Direct (HSBC) about 3D for my own Maestro card which I do use online.

Unlike "chip and pin" where the high street heavyweights had to be completely onboard, it seems like the banks don't really care because the poor old merchant will end up picking up the tab!