FAQs

How can Cardinal protect my business from the online fraud expected when EMV cards roll out in the US?
When EMV cards were launched in other regions, Card-Present (CP) fraud went down and Card-not-Present (CNP) fraud went up. That is happening in the U.S. right now. Fraud is growing at 11% and some of our merchants have reported a 30%+ increase in fraud attempts. This surge in fraud puts your business at significant risk. Even though fraud is migrating online, you, as a merchant, must still stay in compliance with the card networks’ metrics.

Merchants must protect themselves or they run the risk of losing their processing accounts. Fortunately, there’s a solution. We’ve taken what we’ve learned in other EMV regions and past deployments and built the best solution possible. Cardinal Consumer Authentication (CCA) deploys multiple network programs through the 3-D Secure protocols and One Connection to Cardinal. These programs drive out fraud, increase your ability to sell more, reduce acceptance costs, and deliver a consumer experience which works for a U.S. consumer looking for a convenient checkout.

Does Cardinal provide fraud protection?
Not directly. We complement current fraud solutions in the market. Our Consumer Authentication solution works with the top industry fraud screening providers in order to give you order guarantees and a new data element that can be incorporated into your current risk system, which will become an important part of your current fraud screening strategy.

Will Cardinal’s solution negatively affect my site’s consumer experience? 
Cardinal has spent that last 10 years delivering a solution that is friction-free for your consumers and we have a demo that we can share, which shows what your consumers would experience if you were to launch our Consumer Authentication solution.

Will asking shoppers for a password during Consumer Authentication cause abandonment?
Cardinal’s technology makes sure that ONLY transactions that need to be challenged are challenged. Reasons we would allow a Financial Institution (FI) to challenge a cardholder are all related to risk; the issuer feels the transaction is high risk and they may not authorize without a passed challenge, or it’s a fraudster attempting to steal. Good shoppers will rarely see a change in the checkout process. If a good shopper does see a challenge, it’s a good thing because it will allow the issuer to let you accept their order and that’s much better than payment decline screen.

These network programs using the 3-D Secure protocols have a bad reputation related to consumer friction. Working with the top issuers and the card brands, Cardinal Consumer Authentication (CCA) has addressed all concerns. We can assure you and your shopper the best possible consumer experience in the world of authentication and the 3-D Secure protocols.

Do I get protection only on the orders where a password is entered or a challenge questions is answered during an authentication session?
No, Visa and MasterCard give you fraudulent chargeback protection on all domestic and international orders that are run through Cardinal Consumer Authentication (CCA) – whether a password is entered or not!

How is this different than AVS or CVV2 fraud screening that I use today?
AVS and CVV2 are good tools, but even when you get a “full match” on those you are still liable for the fraudulent chargeback. With Cardinal Consumer Authentication (CCA) and the network 3-D Secure programs, you receive full liability for fraudulent orders, regardless of whether issuer participation. With CCA, you are protected from fraudulent chargebacks, even if the order fails other legacy types of risk checks. This allows merchants to loosen up the controls when it comes to AVS and CVV2 when they are running CCA on a transaction.

Can Cardinal do my credit card processing too?
No, but we have great partners who can. Cardinal has strategic relationships with all the major processors and acquirers. Cardinal only authenticates cardholders; we do not authorize or settle. Our service complements what you have in place today.

Do I have to store my shoppers’ passwords or answers to challenge questions? Does that affect my PCI compliance?
No, the process in which a consumer enters their password is a secure, private session with their Financial Institution (FI), not the merchant or Cardinal. Cardinal doesn’t see the password that’s entered; we only ensure the challenge screen appears only if it needs to appear, and that it stops fraudsters and allows good shoppers to shop without a false positive. You wouldn’t need to change anything about your current security standards or expect any increased PCI costs.

Can I get these programs directly from Visa and MasterCard?
No, Visa and MasterCard only offer these programs through certified MPI providers like CardinalCommerce.

Is authentication difficult for my consumers to use?
During a challenge with Cardinal Consumer Authentication, consumers are presented with an inline frame or modal window by their Issuing Bank that is designed to keep the consumer on the Merchant site and quickly finish the checkout process. Visa and MasterCard have regulated the design of 3-D Secure inline frame windows to seamlessly incorporate these steps into the checkout process for participating merchants and their buyers. Those consumers using authentication as registered users will expect to see the inline frame in which they enter a password or complete some form of dynamic authentication challenge.

Do merchants need to assist consumers with Consumer Authentication?
Consumer Authentication is a private session held between the consumer and their Card-Issuing Bank. Merchants never see any private information shared between the bank and the consumer. The Consumer Authentication inline frame window provides customers with a “Help” link and a bank customer service number to call if they have questions or problems. Some of our merchants go above and beyond and may offer a toll free number to call. Since only a small amount of consumers are challenged with the new programs, merchants see a very low volume of help requests.