Saturday, August 18, 2012

Will Booking.com Enable Increased Credit Card Fraud?

I note with interest that Booking.com are planing to offer a default option to stop sending customer credit card CVC codes to their accommodation suppliers.

What is a CVC code?

The CVC (Card Validation Code) is also known as the CVV (Card Verification Value) and is the non-embossed 3-digit code usually found on the back of credit cards, on the signature panel.

The 3-digit security code lets merchants know that customers are physically holding the card when they make a purchase online or over the phone. The code can be validated automatically during authorisation by the merchant and is another layer of protection that confirms that the card is in the right hands. 

Merchants that insist on obtaining a CVC at the time of transaction can reduce fraud before it happens. If a person attempts to use a card number but cannot provide a 3-digit security code, or if the number is returned as invalid, the merchant will cancel the transaction. 

There is an emerging trend for merchants to request a CVC during a mail order or online sales process and this additional security measure has to be seen as positive. Any easy process that reduces the rapid rise of credit card fraud adds to the creditability and sustainability of mail order/online sales. The travel industry have a vested interest in keeping consumer's faith in feeling secure handing over credit card details and reducing instances of fraud.

An email sent by Booking.com to accommodation suppliers on Friday announced plans to stop sending CVC codes with reservations as a default option. Suppliers can elect to continue receiving customers' CVC codes by updating the "payment preferences" in their online profile with Booking.com.

In their email to advertisers, Booking.com explains:
"Why has booking.com implemented this change? Testing in the marketplace has proven that an increase in conversion (the number of bookings you get) was a direct result of streamlining the reservation process for potential guests". 
This statement is ambiguous and we assume that Booking.com will be removing the requirement for customers to enter CVC numbers during the reservation process if the supplier applies this as a default option (ie does nothing).

Will removing the CVC field (below) really increase booking conversions? 



We intuitively know that the more easy and the less data a customer has to enter while making an online reservation - the more likely they will complete.

A quick Google search of a few online bulletin boards would suggest that there is an element of customer confusion/resistance in providing CVC numbers and this may translate to some customers feeling uneasy providing this detail during an online reservation process.

After some time, the CVC numbers that are usually printed (not embossed) on cards can become unreadable with wear, making it impossible for some cardholders to make an online reservation if the CVC is a compulsory field- is this another barrier against customers completing an online reservation?

While most merchants are tightening up on credit card security requirements (in particular with card not present transactions), will Booking.com expose their suppliers to a possible increase in credit card fraudulent transactions (charge backs) by reducing the requirement of customer's providing CVC codes in the interest of increased conversions?

It is noted that Booking.com leave it up to their suppliers to collect the accommodation cost from the customer, so the impost of possible credit card charge backs is not their immediate concern.

While I'm always open to making it easy for customers to book accommodation online - is Booking.com's default supplier option of removing the compulsion of the CVC field going too far?

Click the "Get Widget" link below to place this widget on your website or blog!