Visa chaos prompts e-commerce warning

Electronic traders risk losing "serious" money if they continue to trade online without proper verification, John McGuire, the man whose company's software is responsible for securing Compaq's e-commerce transactions, warned last week. Independent experts also think that the law is skewed to favour banks and credit card companies at the expense of traders and customers.

VISA recently warned traders that 50 percent of the sales it earned online ended up unpaid because of disputes and fraud. Customers have disputed online transactions, claiming not to have visited the site thus leaving the merchant to pay for goods they had bought.

McGuire, co-founder and CEO of electronic payments firm Trintech which supplies e-commerce solutions to Compaq, says the problem is partly due to the Secure Socket Layer (SSL) technology, and partly due to greedy banks. "Banks and companies including VISA and Mastercard have given merchants the impression that SSL is OK," says McGuire. "It's not OK and those merchants using SSL run a very real risk of not getting paid because of these disputes. It's up to Banks to SET (Secure Electronic Transaction) enable their cards."

According to McGuire, SSL does not provide adequate authentication of a customer. If someone buys a CD at a site where SSL is employed that person can deny ever being at the site leaving the merchant to foot the bill. "They (merchants) need to be aware of the risks that come with using SSL. Risks that could cost a lot of money... The banks are happy to say, 'we've abdicated ourselves and it's down to the merchant to take the entire hit.'"

The volume of disputes reported by VISA could be exactly what the SET technology needs to jumpstart its universal acceptance. Says McGuire, "this is the first quarter where people have actually used e-commerce, but the merchants now have the prospect of 50 percent of their sales being disputed with no recourse. Everyone selling online needs to look at SET very seriously and put it back where it belongs."

A leading think tank, the Foundation for Information Policy Research (FIPR), recently called for existing laws to be extended cover electronic transactions, saying the customer was bearing too much risk. The recent DTI consultation paper, 'Building Confidence in Electronic Commerce', limited banks' liability.

FIPR co-founder Ross Anderson observes: "At present, if I use a credit card to buy something on the net and get ripped off -- whether the goods are shoddy or extra transactions get billed, it doesn't matter -- then I have a claim against the card issuer under the Consumer Credit Act and the issuer can recover costs and damages from the merchant." Under the proposed arrangements, says Anderson, if approved digital signatures are used to make such transactions, then signatures made with his key will be presumed valid even if he did not make them, and the bank has its liability limited. "So bankers win and customers lose."

Andrew Orlowski contributed to this article

Take me to the e-commerce special.