Advertisement
logicmoo

Untitled

Apr 23rd, 2014
330
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Can you tell me IF this has merit?
  2.  
  3.  
  4. Cust point of view:    
  5.  
  6. 1) Dominos website wont LET cust order pizza without giving a 3 digit CVV2 CODE a LONG with the rest of their card information
  7.  
  8. 2)  Therefore  Dominos is able TO immediately transact the amount
  9.  
  10. 3)  Dominos additionally attempts TO get a signed authorization again after the received "unencumbered funds"
  11.  
  12. 4) Dominos has no legal use FOR this signed instrument in a CVV2 validated transaction
  13.  
  14. 5) Dominos needs TO see card OR needs TO VERIFY the person who receives pizza was authorized TO DO so.   therefore, should just ask TO "see the card"  OR Perhaps a second form of ID instead
  15.  
  16.  
  17. Forget online FOR a minute:  A customer calls on the phone AND orders pizza. (NOT OVER the internet)  
  18.  
  19. When the pizza gets there FOR 30$.  Dominos *must* have the legal signer sign.  Otherwise, the  auth where the bank promises 30$ TO the Store is useless.
  20. IF no one is there TO receive AND sign, Dominos has lost out.   Risky !
  21.  
  22. Online purchases are NOT AT all risky
  23.  
  24. 1) Run Online transactions thu the CVV2 system.. No further auth is needed!
  25.  
  26. 2) IF Cust is there OR NOT.. It may be left TO door (we dont DO that .. but "could" )
  27.  
  28.  
  29. Since we cant have drivers guessing IF it was a CVV2 transaction OR OVER the phone credit card,   make this a blanket policy.   Get the customer the sign a auth slip (IF possible)
  30.  
  31. Now, why this bothers me so much!!!!    We are attempting TO mask our ineptitude with blanket workaround that produce more runarounds that confuses customers AND hurts our image.  
  32.  
  33. However, this opens a can of worms with a new set of legalities.
  34.  
  35. Credit card company point of view:    
  36.  
  37. Violation of customers expectations when using their card:
  38.  
  39. We tell our cardholder IF they walk into 1 of OVER  6 million locations.  ( such AS a dress shop )  they may use their credit card!  They *should* be asked TO show ID.  They *must* hand the merchant the card IF asked.   The merchant runs it OVER a PAPER carbonized copier OR the merchant runs it thru a machine that gets authorization.  They *must* sign a credit slip IF asked.
  40.  
  41. However, imagine this,  In the above, the merchant decided TO flip their card OVER AND write down a 3 digit CODE called the CVV2 AND slip it under the counter AND the customer saw this?   Visa AND MasterCard tells their customers TO call this suspicious activity into their bank AND have their card cancelled.   Why?  Now that Merchant can use that customers card online TO order anything! (lol.. other than Dominos pizza!)   The CVV2 was expensive TO create but it now hosts trillions of dollar industry.  The system needed real legal protections though,  In fact, congress lobbied who even created statues TO protect that system.  IF a Merchant  Bank wants TO being allowed in,  must pass rigorous proof they are protecting their customer's CVV2 numbers with a set minimal of Vaulting (even when electronically stored)  
  42.  
  43.  
  44. My suggestion:
  45.  
  46. Online customers may CONTINUE TO enjoy the convenience of online purchase thru the CVV2 infrastructure however unless they are creating a 2nd transaction that you need them TO authorize.. don't make them sign a slip!  
  47.  
  48. Urban folklore: (AND legal)  FACT parents leave their credit cards with teenagers AND GO online in the middle of the day AND order Dominos.     Dominos banks allow this.. since the CVV2 infrastructure protects everyone:  Dominos, Parents, Kids from ilegally signing their parents name!    The parent who has a online password orders the pizza FOR their kids (with adult supervision) opens the door TO Dominos delivery driver who may carbonize that card. Into thermal PAPER.   Dominos doesn't need to ask the kid (or adult )   to sign their parents name.     There goes the neighborhood!  Complete chaos?   What if kids go online where  Dominos acct saved the card and CVV2 code and order too much pizza?   The kid eats pizza then gets grounded .. life goes on.
  49.  
  50. Why is this a big deal?
  51.  
  52. When the customer creates a second "signed" authorization what does that DO FOR anyone? "But  don't credit card transactions have more teeth legally when signed"?   No it creates the reverse!  WE have introduced more risk into the system..  Just like a merchant secretly recording CVV2 numbers on a napkin,  Requiring a second signed authorization is a tell tale sign that something unscrupulous might happen one day.  OK, NOT even remotely comparable?   The motive is the same: both claims are FOR "extra security"  having two ways into the customer's wallet ..  both promise not the "leverage it"  .. since to do either one is "equally illegal".
  53.  
  54. Both violate the Credit card companies policies created TO protect customer identity.  Additionally, a case FOR punitive damages could be awarded TO the Credit card companies against Dominos because of their ' reputations' with Dominos customers who might somehow have experienced  "Dominos Policy".       Dominos claim to "unique business"   Fine, but don't claim he CVV2 system was a failure to our customers.  
  55. Imagine IF the courts awarded Visa/MaserCard/Discover  damages calculated by the number of customers?  Nothing compared TO legal entitlements measured by the number of transactions by Dominos.   What IF Credit card companies discover evidence the Dominos trains it's drivers to describe "why their policy is that way"?   Could you imagine the repercussions if in court if they could prove drivers where "expected to" proselytize to customer about how unsecured the internet is at protecting the Dominos "interface to the CVV2 system"?    I have been told on many occasions by drivers and Franchise owners (stores all over the Pacific Northwest (so not my current store exclusively) that Dominos invented this new verification system and it is very "unique to the pizza business."    So here is an idea, if CVV2 wont work for Dominos, and it cant be used safely or even correctly, please cease and desist at using it at all.   Instead, use the electronic + sign paper system .. it was invented just for merchants like Dominos who can deliver hand made high quality products right to their doorstep!   Even has a tipping system CVV2 doesn't have!.
  56.  
  57.  
  58. Questions:
  59.  
  60. 1) What questions can I answer TO clarify the above?
  61.  
  62. 2) From your point of view,  what are the positive AND negative implications AND costs from the status-quot?
  63.  
  64. 3)  Can Dominos just ask TO "see the card" ?  Perhaps a second form of ID in some cases.
  65. ( But NOT require a customer's physical  signature for CVV2 transactions)  
  66.  
  67. 4)  From your point of view,  what are the positive AND negative implications AND costs from #3?
  68.  
  69. 5) What are other/better possible solutions?
  70.  
  71.  
  72.  
  73. Notes:
  74.  
  75. FOR “card-not-present” transactions, signatures are NOT obtained AND the track data cannot be captured,
  76.   increasing the risk of potential chargebacks.
  77.  
  78. Three fraud detection services are available through the merchant card networks which merchants can choose TO subscribe:
  79. 1) Address Verification Service (AVS); AND/OR
  80. 2) Security CODE Verification Service (CVV2/CVC2/CID); AND/OR
  81. 3) Cardholder Authentication Service
  82.  
  83. Should a merchant subscribe TO the security CODE service, it must adhere TO the PCI Data Security Standard requirements AND associated card associations’ rules regarding NOT storing the security CODE (considered track 2 data) subsequent TO initiating the authorization. Fines range from $50,000 FOR level 2 merchants, TO $100,000 FOR level 1 merchants.
  84.  
  85.  
  86.  
  87. Funds Encumbrance Implications IF a merchant utilizes AVS AND/OR CVV2/CVC2/CID verifications, AND its configuration rules specify certain codes TO be rejected, the system rejects the transaction based on the AVS OR security response CODE.
  88.  
  89. However, the authorization CODE may be valid, which is what causes the cardholder’s funds TO be encumbered.
  90.  
  91.  
  92. All card networks use the term AVS when referring TO “address verification service.”
  93.  
  94. In the case of “security CODE verification service,” different terms are used by the card networks: Visa refers TO CVV2; MasterCard refers TO CVC2; WHILE American Express AND Discover both refer TO CID (Card Identification Data).
  95.  
  96. In the case of “cardholder authentication service,” two programs offered are “Verified by Visa” AND “MasterCard® SecureCode™.”
  97.  
  98. The services offered by Visa AND MasterCard involve the cardholder having TO enter a password in order TO VERIFY their identity, AND only applies TO cardholders that have subscribed TO the optional service with their card issuing bank.
  99.  
  100. The Visa AND MasterCard cardholder authentication services are NOT widely utilized by merchants. AS an alternative, merchants accepting payments via their website should consider developing their own method of authenticating a cardholder.
  101.  
  102. FOR example, a merchant could require the cardholder TO enter some type of identification number, such AS student number OR invoice number before being able TO make a card payment.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement