by TazeTSchnitzel 2620 days ago
It's quite exciting that stolen payment card details will lose most of their value for Internet purchases in the EEA soon. Long overdue I think, it's practically a backdoor to the whole Chip and PIN security system. (Though so are transactions with signature or magstripe, but those are also slowly being tackled…)

My main bank account is with Nordea, a big Nordic bank, one of Sweden's big four. They are currently quite paranoid about Internet purchases and outright do not permit any such transaction if it does not have that kind of two-factor authentication — if the merchant doesn't support it, you must log in with the app or Internet bank and temporarily turn this off for one hour. But with support for two-factor authentication becoming obligatory in the EEA, I guess it will only be non-EEA merchants where this is a problem. :)

1 comments

Why isn’t Verified by Visa mandatory everywhere? Isn’t that enough?
Verified by Visa with an appropriate implementation is one way to fulfill the requirement for Strong Customer Authentication. All Visa cards in the EEA will have to either implement Verified by Visa in a compliant way, or use some other method such as a randomised CVC you can find out via a mobile app.
SMS 2FA sucks for those who travel to other countries and switch SIMs to avoid data roaming costs. One bank I work with had an interesting solution. If you have their mobile banking app open (authenticated) when you get the Verified by Visa page, you simply click submit (enter no SMS) and it goes through.
Because it would decimate checkout conversion to save a few basis points in fraud losses.
Is there any data on how much conversion rates drop when it's used?
It depends on the region, but it can be as high as 30% from what I've read.