Payment

Today I was helping a customer pay online with their Nedbank credit card. Mastercard has implemented "Secure Code" technology, which means that after entering your credit card details you are asked for another "password", which is supposed to ensure that you are the owner of the credit card.

It's a nice idea, but it has been very poorly implemented by our local banks. They have spent no time or money educating their clients about this technology, so the first time they hear about "Secure Code" is when they are in the middle of an online transaction, and it usually confuses (and frightens) them. To give you an example of what a joke Nedbank thinks this whole thing is, have a look at their help page that customers are shown. Here are some extracts:

To use MasterCard Secure Code, you simply verify your identity and create your password or you may be able to use an existing passowrd you have with your bank.. Then, your card issuer will automatically ask for your password whenever your card number is used at participating online stores.

[Insert Issuer - Provided content]

I'm guessing that Mastercard provided a template for a help page that each of the banks was supposed to customise. Nedbank didn't even bother reading through it, so it still has the [Insert Content Here] messages, the typos, and the double full-stop at the end of the sentence. It gets worse:

Social Security Number
With increasing frequency, government agencies, schools, ulility companies and businesses rely on Social security numbers to identify individuals' records in their computer systems. This service uses only the last 4 digits of the primary cardholder's Social Security number to help verify your identity. Providing the last 4 digits of the primary cardholder's Social Security number does not give access to any of your Social Security records.

Social Security Number? That's going to confuse South Africans. Would it have been so hard to change it to say "ID Number"?

But there's more:

Create Your Password
Use [X] to [XX] characters and at least one digit to create your password. You may use letters, numbers, or any combination of these.

How many characters is X?

It just goes to show that Nedbank has implemented Secure Code because Mastercard is forcing them to. Nedbank themselves are not that interested in making the experience an easy and safe one for customers of our online stores.

Napalm is a type of explosive used in various wars (particularly Vietnam) to incinerate large areas, killing the baddies and lots of good stuff at the same time.

Credit Card fraud is undeniably an issue that still needs to be resolved, and is a leading reason that people avoid shopping online. The banks and the credit card companies (eg Mastercard) are working on various strategies to combat this, but so far their only affect is to make it nearly impossible to do anything online any more. If you hold a Standard Bank Mastercard and attempt to make a purchase online, you will probably be taken to a page that asks you to "register" your card by giving it a username and password. Theoretically this means that if someone gets hold of your wallet or card number and tries to use it, they won't know your password details.

Unfortunately there are 2 problems with this plan:
1) 95% of credit cards have never been used online, and so this registration hasn't happened yet. If your wallet gets stolen and the thief uses it for the first time, they will kindly register your card for you. The only "authentication" that is required to register a card is your ID number, which would be found on your driver's license or other identification. If the banks were serious about this, why don't they make you come in to the branch and register your card? This week a friend needed to change the postal address for his statements, and Standard Bank made him come to the branch to perform that task (and no doubt make the 500th copy of his ID book).

2) The registration process doesn't work. I sat with a client while they tried to buy a Bug Zapper, and after filling in details she was redirected to a page on Standard Bank's server where she was asked to enter a username and password. First the password was to short, then the username was "already taken", then her session had timed out, then the page was just unavailable. By then she was very frustrated with the process, and of course it appeared to her that Bug Zapper was causing the grief. She gave up and did a bank transfer.
Today I tried to renew a software product with my Standard Bank Live Alchemy card, and at the end of the process I was told that my bank wanted me to register my card. In the frame where the Standard Bank page should have loaded, this error appeared:

Certainly not the most friendly of errors. I tried the process twice, and gave up.

So why is this whole thing such a stuff up? My guess is that the banks are under pressure to cut down on credit card fraud, but the online market is not a big enough priority for them to really care about. Yesterday I quoted Arthur Goldstuck predicting that e-commerce in South Africa in 2007 would reach to R1 billion in transactions. That is a drop in the ocean for the banks (Sandton City probably does more turnover than that in a year), so they have assigned a junior IT guy to set up the registration process and look after the server. Clearly he's on sick leave this week.

It's worrying for online stores like ourselves, who depend heavily on consumers being confident (and able) to make purchases with a credit card. Here is some advice for online business owners:
1) Give customers as many different payment options as you can - bank transfers, posted cheques and cash/cheque deposits.
2) Make sure that your order process allows a customer to switch payment option midway. If they are battling with the credit card system, they should see a big link offering that they pay another way.
3) Capture the customer's details before you send them to the credit card stage. If they give up at that point your back-end system should flag the order as "unpaid", and you can phone the customer to walk them through it, or ask them to pay with another method.
4) Test, test, test! Get hold of as many different credit cards as you can (in a legal way, of course) and test your site. Then get someone fairly internet-illiterate to test your site. We only discovered the Standard Bank issue when a customer came in to our offices and made a purchase on one of our computers. That's not the type of testing you want!
5) Make your support channels very clear on the ordering pages. Offer an e-mail address, phone numbers and even live chat.

This isn't an easy time to set up shop online, as we are all pioneering something very new. But who said this business would be easy? 

“Google Checkout” is the new kid on the block trying to eat into PayPal’s dominant position in the payment market. Currently they only offer merchants in the US the ability to accept payments, but they accept purchases from a large number of countries, from Albania to Zimbabwe, and some very 3rd world countries like Burkina Faso and Tanzania. No prizes for guessing which country isn’t on the list… South Africa. There must be something very wrong with our banking system and government policies.

Read the full list of countries here.