Manila, July 17, 2003 By Tanya T. Lara (STAR) Here are numbers that would make any shopgirl’s credit card grow restless in her wallet: Last year’s total online sales amounted to $81.7 billion; 6.3 percent of total credit card transactions were initiated on the Internet in 2002 and this is expected to grow to 8.6 percent in 2004. Yet MasterCard research shows that less than half of people online have ever participated in an online transaction, which represents a vast potential of untapped shoppers.

The billions of dollars in sales are certainly impressive, considering that the budget for the Philippines this year is only $1.4 billion or P804 billion (much of it we had to borrow anyhow). This means that Internet merchants in 2002 made 58 times more than our entire country ought to spend in one year.

These statistics set against the global picture, however, tell a different story. Years ago, researchers predicted that by now Internet shopping should have reached $400 billion. It’s not the first time analysts overshot their expectations. Remember the heady years leading to the Internet bubble burst – how dotcom people were buying islands from their IPO earnings, how executives were suddenly kids barely out of college and how retirees who put their nest eggs on the Internet were suddenly left holding an empty bag?

Even as Time magazine chose founder Jess Bezos as its 1999 Man of the Year (who can forget the cover – Bezos’ head in the ubiquitous Amazon box filled with styrofoam popcorn?), his company was still bleeding red (it didn’t make money for five years or more), along with other sites that have closed since.

So what happened to market predictions? Why is it that while some parts of the world have embraced online shopping with an open wallet, others have shunned it like a virtual plague? A MasterCard research may have some of the answers. It shows that 73 percent of consumers may shop in the next three months if there were "enhanced security features." That 61 percent are "worried that their personal and financial information may fall in the hands of hackers" and 70 percent are "concerned about security and fraud." In high-tech Singapore, only 9 percent of Internet users shop online, yet Korea is No. 4 in the world for online shopping.

While differences in cultural attitudes about shopping may be a major reason why people here shop online less (it’s said that Asians still view shopping as a social exercise rather than a chore, therefore they don’t mind going out of the house to shop instead of doing it online to save time and money), the concern about fraud is a global one. Research says that online credit card fraud is 12.5 times higher than offline, representing huge losses on the part of merchants since 90 to 95 percent of transactions online use credit cards for payment.

MasterCard vice president for Business and Technology Integration Mark Patrick was recently in Manila talking to banks about Secure Code, a solution the company rolled out last year in Europe and early this year in the US and other parts of Asia. He says that fraudulent chargeback comprises "80 percent of online fraud issues." Secure Code was created to address this type of fraud (where a cardholder’s card is supposedly used without his knowledge or consent) and to give online shoppers who use their debit cards as payment mode an easier time.

In Manila, he met with nine banks to talk about introducing Secure Code to the market, "which we planned on doing back in April but because of SARS nobody wanted to see us," says the Singapore-based Mark Patrick with a laugh. "We introduced the banks to the services we built, the gateway service and the on-line authentication solution. The response was very good, they were very interested."

From a bank’s point of view, Secure Code would cost less than if they built a solution themselves; the benefit for the merchant is that he now gets protection from dishonest shoppers; and for the consumer, he gets additional security when shopping online.

Patrick explains the bank’s options. "The bank’s investment depends on its existing infrastructure. Typically, they have to buy the software, hardware, put in place an operational staff supporting the software. There are some fairly rigid security requirement around storing authentication data, just like storing personal identification numbers and everything else. For a bank to build the solution in-house, it’s gonna cost them between $1.5 and $2 million. Alternatively, they can look at a third party, outsource it, but the challenge there is finding a third party they can trust. The same applies for the Internet gateway. They don’t have the global connectivity, the cost of service is high and they don’t have enough customers. So what we’ve done is that we’ve taken that investment, built it ourselves and we maintain everything on behalf of the banks, and then we socialize that cost and it comes out about the 10th of the cost if they do it themselves."

MasterCard is not the only one that provides this type of service (Visa, for example, has Verified by Visa) but Patrick says the company’s Secure Code also supports authentication for other cards. "We’re offering a comprehensive solution for banks not just for our own business but their other businesses as well."

As for the liability shift benefiting the merchant, Patrick says, "Today the liability resides with the merchants. If the cardholder says he didn’t do (the transaction), the merchant loses. If the merchant is Secure Code-enabled, the liability shifts to the issuing bank, which deals with the cardholder. With Secure Code, the issuer does not have the option to go to the acquiring bank and cancel the transaction, they just have to deal with it within their policy."

Patrick likens it to a "chicken and egg situation," wherein they already had the technology a few years ago but nobody adopted it because there was no liability shift, so issuing banks were not about to spend money to make themselves liable. MasterCard also has solutions that protect issuing banks and acquiring banks from online fraud.

MasterCard has signed an exclusive deal with VeriSign, one of the top three global payment gateways in the US, which has 75,000 merchants globally, and World Pay, which has 15,000 merchants.

Secure Code acts like the PIN of an ATM card, which means that the shopper will be authenticated before the merchant gets the authorization to charge the card. No one apart from the cardholder – not even the merchant – can view or access the card’s data, such as the PIN because the shopper’s computer "talks" directly to his bank’s server.

What happens if you’re buying from a Secure Code-enabled site and your own issuing bank isn’t? "In that case, your issuing bank would be liable, because the merchant tried to authenticate but because your bank wasn’t participating, the liability is shifted."

Patrick says the earliest adopters of Secure Code were banks in Europe in April 2002, the US has 25 to 30 top banks this year and some parts of Asia Pacific have already adopted it while more are on the way.

In Europe, the results were immediate. Before Secure Code, the average price of products that shoppers were buying on the Internet was $90. Patrick says that within 30 days, the average ticket from the same merchants was $163, "the reason being that the merchants can sell higher-priced products because they’re going to get paid and, on the consumer side, they’re comfortable to make a purchase because if their cards are compromised, they can’t be used without the Secure Code. It’s like losing your ATM card without the thief knowing the PIN."

Secure Code is also future-proof, it allows "future biometrics like fingerprints or retinal eye scans. It allows for issuers to choose such services as pin, password, etc."

Patrick says, "MasterCard solutions are not to generate profit but to facilitate the needs of the e-commerce environment and stimulate the market potential."

A credit card company that doesn’t focus on the profits? That’s one more reason to feel secure indeed.

Reported by: Sol Jose Vanzi

All rights reserved