August 1, 2009 - Mumbai, India.



The first ad announcing U2's India tour is barely out and thousands are clamoring for front row tickets. Steve and his college buddies - Jay, Amita, Christine and Rahul want to have a reunion at their favorite bands' concert. Instead of braving the long lines, Steve decides it will be smarter and quicker to book online. He quickly logs online to event website and clicks on the book now button, enters his personal information, ticket number and proceeds to pay but as he enters his credit card number, he can't help remembering a friend who had his card information hacked and misused. He suddenly develops cold feet, abandons the online booking, deciding it is safer to brave the long lines.

Rumors and insecurity are the most common causes behind a lot of abandoned online bookings. The Reserve Bank of India (RBI), in effort to beef up the security on the online transaction process, has decided to enforce the use of 'third factor' authentication process. This involves using a secret 6-digit unique pin number given by the card-issuing bank to the cardholder. This is to be entered by the cardholder during the transaction process. The logic is that since this number does not appear anywhere on the card, it is known only to the cardholder and therefore not likely to be accessed by fraudsters. Verified By Visa, MasterCard Secure Code is some of the third factor authentication processes in the industry.

These steps have been initiated by the RBI to dispel any insecurity amongst online consumers and to encourage growth of the Indian eCommerce market. By making it mandatory for all banks to add an additional authentication or verification process, it has taken a significant step towards ensuring the security of the cardholder's sensitive card data.

It is important to note that since these authentication protocols use non-card based cardholder information to verify the cardholder's identity and that since only the cardholder has access to this information, the assumption is that if the pin number is used to confirm the transaction, the cardholder has actually done the transaction himself. The implication of this is that the cardholder cannot deny that he has not done the transaction at a later point in time. He will then have to bear the liability in case there are any disputes. This is markedly different from the pre-third factor authentication rules that allow a cardholder to dispute non-VBV and non-MSC transactions by simply writing to the issuing bank saying that he has not done the transaction.

For an event organizer like you, who is accepting registrations and selling event tickets online, this is good news. Earlier, you had to bear the liability in case of disputes and in dispute cases, pinning down the delegate was very difficult. Now these measures will make the delegate more accountable and help reduce your chargeback losses.

How it works?
When a delegate executes an online transaction through a MasterCard or VISA credit card, in addition to entering his 16-digit credit card number, card expiry date and 3-digit CVV number (on the back of the card), he will have to confirm the payment with his 6-digit MasterCard SecureCode* (MSC) / Verified by Visa* (VBV) password. Failure to enter this password will lead to a 'Transaction Failure'.


*Delegates can obtain their MSC or VBV password from their card-issuing bank.

The situation now is that currently less than 40 per cent of the Banks' active customer base (Source: IAMAI) have been registered. The reasons range between the banks not having informed their customers to the banks have not updated their systems to accommodate this new process. So, in the short term, you might see a slight increase in the number of declined transactions. However, as banks get their acts together and make progress in taking steps to educate and inform their customers about the RBI mandate, things will get better.

There are also measures you can take to reduce declined transactions. Here are two simple yet effective solutions:

	Minimize the impact of the new third factor authentication process by posting banners encouraging delegates to apply for their VBV or MSC PIN at his issuing bank's website.
	You can also reduce the number of declined transactions by advising those who do not have a MSC or a VBV password to use one the alternative payment options offered by EventAvenue i.e. pay using the bank accounts. EventAvenue offers direct debit to bank account facilities with over 19 banks currently and more are being added every week.

By taking these steps, you can minimize any loss in registrations or ticket sales due to the changes in the regulatory environment.

To summarize, while RBI's directive to banks to implement a third factor authentication will lead to a slight increase in failed transactions, EventAvenue offers sufficient alternative methods of payments to minimize the impact of this issue on your event registrations.