Google kicks Maestro into touch

Maestro -> Visa

My HSBC debit card got damaged so I requested a new one. Instead of giving me another Maestro card, they gave me a Visa card, stating that they're making this move because it's more widely accepted. This is true but I didn't think Maestro was generally getting phased out? Seems like only yesterday that it replaced Switch.

Stop using Maestro, or just stop using google checkout?

Lets face it, google checkout is easier to replace than your debit card.

Oh well, I quite liked google checkout too.

Bleh

First Google Checkout, the only payment method for the Android Market, only allows Maestro cards to buy apps priced in GBP (which is very, very few apps - I gather developers can only set the price for their nationality and no other prices), and now this... It's rather disappointing!

Is there something weird going on with Maestro?

...HSBC have dumped them as their debit card of choice as well (and that happened quite quickly too), which must have been a fairly chunky number of customers.

People use Maestro online?!?!!

I got a note from HSBC UK a few weeks ago saying that they were phasing out Maestro as it is going to be closed. Now whether this is Maestro as a whole, or just HSBC UKs involvement I am not sure. Either way I now have a new Visa card instead of my old Maestro.

Guess that is consolidation for you and Google are simply prempting.

Of course there is the small matter that Maestro has an upfront transaction fee AND then a % transaction fee, so on anything less than around 20 quid, it's simply not worth a stores time to accept it for online payments - and definitely not worth it for values less than a tenner.

First Direct

When my Switch / Maestro card was renewed in January First Direct sent me a Visa Debit card instead, maybe Google had forewarned them...

Sneaky f**kers

A lot of banks now will not accept ANY maestro transactions without the 3d secure password, which is clearly why google have taken their ball home.

However, maestro plus visa/mastercard have been very sneaky here with 3d secure.

If your card is in the 3d secure scheme, yet you have not registered for a 3d secure password, you are responsible for any fraud commited using the card.

For example, if you have a barclays debit card, those cards are in 3d secure. Even if you dont use it on the internet, if the password has not been setup then the banks hold no responsibility for the fraud, neither do the retailers (who foot the bill on non 3d secure transactions).

As an online retailer, this was a fact we were made aware of by our bank months ago, yet as a consumer I've not been told a thing about this. The majority of transactions will still go through without a password.

Mini Rant

@Rtdro: If you have a Maestro card at present, I doubt you will for long. IIRC all major banks are ditching Maestro.

I'm having to update a payment system to implement 3DSecure just because MasterCard have enforced it on Maestro transactions. I can only assume they've done this to increase 3DS use without harming MasterCard if it all goes wrong - which it is, considering that all major banks are ditching Maestro and many merchants are no longer accepting it (my PSP even has an option to refuse all Maestro payments).

As for being more secure, it's simply not and that's just a cover for its real purpose - it offloads responsibility from the card companies to customers if they're enrolled, and to merchants if the merchant isn't using 3DSecure.

Of course, once I've finished updating the payment system to handle 3DSecure, it's on to PCI DSS - another huge pile of crap from the card issuers.

Yeah HSBC ditched Maestro too

They are converting all their customers away to Visa Delta when their old cards run out.

Its all down to 3d secure

A lot of merchant acquirers are dropping acceptance of Maestro, google is just the latest in a long line who dont want to or wont deal with Maestro.

crock

The whole "Verified by Visa" thing is a crock of shit whose ONLY purpose is to put the onus for lack of Visa security onto the customer. If you forget your password, you just need one extra bit of information to change the password there and then to make the purchase. Not exactly secure AT ALL, yet it allows Visa to pretend.

Switch / Meastro Debit is being dismantled

As I recall the UK banks handed over the running of the Switch debit card scheme to Mastercard a few years back, Mastercard rebranded it Maestro.

The banks/mastercard don't make much out of Maestro debit , it's a fixed fee to the retailer (30 odd pence - total 30p) and thats it. It incurs no % of the transaction charge, unlike the competing credit card schemes (30 odd pence plus 2.2% or so of the transaction value, so on a £100 transaction that totals a charge of around £2.50).

Since getting hold of it, Mastercard/Banks seems to have buggered around with the scheme to make using Maestro Debit inconvenient for both cardholders and merchants, IMO because it's not as profitable and competes with the more lucrative credit card business.

I don't know why Google have declined to be upfront, and simply state why they are dropping such an important debit card scheme? Perhaps it is to do with 3D Secure (Securecode, Verified by Visa), but the 3D system is already deliberately used to distort and limit competition within the online payments market.

There really does need to be an OFT investigation into the continued undermining of the less profitable debit card schemes. These debit card schemes should be properly protected, we shouldn't be pushed towards indirectly paying £2.50 to the card schemes/banks just to purchase £100 of goods online, just because the debit card schemes have been made delibrately difficult and unattractive to use.

re: Is there something weird going on with Maestro?

I forget where, but I recently visited an online store which had a notice to the effect that they "only accept UK issued Maestro cards".

Cost?

IIRC, Maestro transactions cost more than Visa Debit transactions, so this could be a factor.

The Maestro system in the UK is a mess anyway - whose bright idea was it to use the existing Switch network and thus make international Maestro incompatible with UK Maestro? I'm surprised that MasterCard hasn't forced the banks to switch to MasterCard Debit cards yet, which are processed through the MasterCard network.

Vbv Joint Account

Myself and my wife have a joint account with a Visa debit and credit card. The VbV system is too stupid to know if it's me or my wife making the payment thereby requiring me to remember both my wife's and my own passwords so that I can successfully complete the transaction depending on whichever account it randomly decides needs to verify it.

And to repeat what has already been said, how can doing this in an iframe and being able to reset the password by entering a dob possibly be secure enough to absolve the banks of all responsisbility for fraud.

What a joke.

Colin

I don't care

I don't really care what name is on the service/card/website. If you won't accept my payment, someone else will.

3D Secure

------------------

It typically comes up as an iframe inside a site, ie without a url bar so you can't verify that it's really coming from visa/mastercard or that it's even using ssl... A malicious site could easily spoof it.

------------------

Crap isn't it? - but that's PCI preferred method of doing it to circumvent pop-up blockers. Yes, I have recently completed the full 3D Secure & PCI DSS compliance malarky at the company I work for. Incidentally the iframe content doesn't come from either Visa or Mastercard but the customer's bank - if their bank isn't enrolled in the scheme 3DS verification is bypassed (unless you configure your PSP systems to block non-authed transactions).

The benefits of 3D Secure are to the card issuers and the merchants - the card issuers (Visa/Mastercard) accept less liability and the merchants can get a reduced cost-per-transaction charge... as I understand it, the card HOLDER is no more liable for the transaction than they were before - it's their bank that picks up the cost of the fraud rather than Visa/Mastercard. I guess the bank may well have a "Fuck You" clause however that'll shift liability to the customer.

PCI DSS compliance has the tiny benefit that your site has to undergo regular automated penetration testing to pick up on some of the more common security pitfalls (it's by no means perfect though). If you know what you're doing you're probably well aware of most of these issues anyway.

------------------

The VbV system is too stupid to know if it's me or my wife making the payment thereby requiring me to remember both my wife's and my own passwords

------------------

That's not necessarily the VbV system itself - it's more likely to be shonky implementation on the part of your bank.