Technology development, a growing number of online transactions, and a fast-paced lifestyle create new opportunities for cybercriminals. As an online merchant, you need to provide the highest level of payment security to assure your customers that their data are safe.
Preventing Card Fraud
Financial institutions and card issuers have adopted a comprehensive approach to security that tackles fraud on four fronts. The first step is to devalue sensitive information to make it less useful if it falls into the wrong hands. An example is tokenization, which “converts credit card numbers into randomly-generated values (tokens).”
A token is a unique number relating to a specific transaction and has no use beyond that transaction. Consequently, a cybercriminal will find the token data he has obtained to be worthless.
Second, there is increasing reliance on data analysis to detect unusual patterns, for example where the location of the transaction differs from that of the cardholder’s mobile phone. Third, businesses and others in the payment system are pushed to observe industry protocols for the protection of data, such as the Payment Card Industry (PCI) standards. For example, under PCI standards, neither point-of-sale (POS) terminals nor a business’s own records can store consumers’ credit card numbers.
Finally, consumers are alerted to the dangers of card fraud and encouraged to adopt best practices, such as monitoring their accounts regularly.
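The tokenization idea described above, as an added sketch that is not part of the original article: an in-memory stand-in for a token service that issues a random token per transaction and lets it be redeemed only once. The class name, method names and transaction ids are hypothetical, and the card number is a standard test value.

```python
import secrets
from typing import Optional


class TokenVault:
    """In-memory stand-in for a tokenization service (hypothetical)."""

    def __init__(self) -> None:
        # token -> (card number, transaction id); only the vault holds this
        self._entries = {}

    def tokenize(self, card_number: str, transaction_id: str) -> str:
        """Return a random token bound to a single transaction."""
        token = secrets.token_hex(16)  # random, not derived from the card
        self._entries[token] = (card_number, transaction_id)
        return token

    def redeem(self, token: str, transaction_id: str) -> Optional[str]:
        """Return the card number once, and only for the bound transaction."""
        entry = self._entries.get(token)
        if entry is None or entry[1] != transaction_id:
            return None  # unknown token, or presented for another transaction
        del self._entries[token]  # single use: the token is dead afterwards
        return entry[0]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111111111111111", "txn-1001")  # test card number
    print("merchant stores only:", token)
    print("other transaction   :", vault.redeem(token, "txn-2002"))
    print("bound transaction   :", vault.redeem(token, "txn-1001"))
    print("replay              :", vault.redeem(token, "txn-1001"))
```

The merchant's systems only ever see the token, so a copy of the merchant's records contains nothing that can be replayed against another transaction.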
Payment processing systems allow businesses to take payments for goods and services using credit cards, debit cards, and checks. These systems check the details received during the transaction by forwarding them to the respective card’s issuing bank or association for verification. During this process, the sponsoring organization will carry out a series of anti-fraud measures before settling the transaction. All of these payment process steps must happen before the transaction can be cleared (that is, while the customer is waiting).
Let’s look at a few effective measures payment gateways should adopt to reduce online fraud-related losses:
Address Verification Service (AVS)
AVS is an effective security measure for detecting online fraud. When customers purchase items, they need to provide their billing address and ZIP code. AVS checks whether this address matches what the card-issuing bank has on file. As part of a card-not-present (CNP) transaction, the payment gateway can send a request for user verification to the issuing bank.
The AVS responds with a code that helps the merchant understand whether the transaction has a full AVS match. If the details don’t match, investigate further by checking the CVV (Card Verification Value), email address and IP address on the transaction, or allow your payment gateway to decline the transaction.
Card Verification Value (CVV)
The CVV (or Card Verification Code) is the 3- or 4-digit code that is on every credit card. The code should never be stored in the merchant’s database. A CVV filter acts as an added security measure, allowing only the cardholder to use the card, since the code is available only on the printed card. If an order is placed on your website and the CVV does not match, you should allow your payment gateway to decline the transaction. When making a card-not-present transaction (online, email or telephone orders), the merchant gets the required card information from the customer to verify the transaction. Friendly fraud is a risk associated with CNP transactions that can lead to a chargeback. Enabling a CVV filter helps merchants fight fraud and reduce chargebacks.
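One way to turn the AVS and CVV responses described above into a gateway decision, as an added example that is not from the original article. The single-letter codes are the commonly used values, but processors differ, so the mapping and the policy (review on a partial match, decline on no match) are assumptions; the sample responses are constructed.

```python
# Response codes below are the commonly used single-letter values; processors
# differ, so confirm the mapping against your gateway's documentation.
AVS_FULL_MATCH = {"Y"}      # street address and ZIP both match
AVS_PARTIAL = {"A", "Z"}    # only street (A) or only ZIP (Z) matches
AVS_NO_MATCH = {"N"}
CVV_MATCH = "M"


def decide(avs_code, cvv_code):
    """Return (action, reason); action is 'approve', 'review' or 'decline'."""
    avs, cvv = avs_code.strip().upper(), cvv_code.strip().upper()
    if cvv != CVV_MATCH:
        return "decline", "CVV not confirmed as a match"
    if avs in AVS_FULL_MATCH:
        return "approve", "full AVS match and CVV match"
    if avs in AVS_PARTIAL:
        return "review", "partial AVS match: check email and IP address"
    if avs in AVS_NO_MATCH:
        return "decline", "billing address and ZIP do not match"
    return "review", "AVS unavailable or unrecognised code"


# Constructed gateway responses: (order id, AVS code, CVV code)
SAMPLE_RESPONSES = [
    ("order-1", "Y", "M"),
    ("order-2", "Z", "M"),
    ("order-3", "N", "M"),
    ("order-4", "Y", "N"),
    ("order-5", "U", "M"),
]


def triage(responses):
    """Map each order id to the action the policy chooses."""
    return {order: decide(avs, cvv)[0] for order, avs, cvv in responses}


if __name__ == "__main__":
    for order, action in triage(SAMPLE_RESPONSES).items():
        print(order, action)
```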
Device identification analyzes the computer rather than the person visiting your website. It profiles the operating system, internet connection and browser to gauge whether the online transaction should be approved, flagged or declined. All devices (phones, computers, tablets, etc.) have a unique device fingerprint, similar to a person’s fingerprints, that helps identify fraudulent patterns and assess risk.
Companies like ThreatMetrix monitor the device ID, using it as a reference point to see whether others have flagged it for suspicious or fraudulent activity. Fraudsters cannot impersonate a computer’s unique identity, making it a viable option for protecting your business against online fraud.
Flag Large Transactions
With stolen card information, fraudsters will try to make large transactions before the card is blocked. This would be deleterious to your business (big or small), as you will have to bear the cost of allowing a fraudulent transaction to take place. It can also lead to a payment processor terminating your processing account, and your business would take a big hit.
You can limit the number of large transactions by specifying a flat dollar amount, which is an essential step towards avoiding chargebacks. In addition to this, you can limit the number of failed transactions that go through the payment gateway.
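The two limits described above, as an added example that is not from the original article: a flat amount ceiling that flags large orders, plus a sliding-window cap on failed attempts. The thresholds, the per-client key and the class name are illustrative assumptions; amounts are in integer cents.

```python
from collections import defaultdict, deque


class GatewayLimits:
    """Flat amount ceiling plus a sliding-window cap on failed attempts."""

    def __init__(self, max_amount_cents=50_000, max_failures=3,
                 window_seconds=600):
        self.max_amount_cents = max_amount_cents
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(deque)  # client key -> failure times

    def _recent_failures(self, client, now):
        times = self._failures[client]
        while times and now - times[0] > self.window:
            times.popleft()  # forget failures older than the window
        return len(times)

    def record_failure(self, client, now):
        """Call when the issuer or a filter declines this client's attempt."""
        self._failures[client].append(now)

    def screen(self, client, amount_cents, now):
        """Return 'block', 'flag' or 'pass' before contacting the issuer."""
        if self._recent_failures(client, now) >= self.max_failures:
            return "block"  # too many recent declines from this client
        if amount_cents > self.max_amount_cents:
            return "flag"   # hold large orders for manual review
        return "pass"


if __name__ == "__main__":
    limits = GatewayLimits()
    print(limits.screen("client-a", 4_999, now=0))     # small order
    print(limits.screen("client-a", 120_000, now=0))   # above the ceiling
    for t in (10, 20, 30):                             # constructed declines
        limits.record_failure("client-a", now=t)
    print(limits.screen("client-a", 4_999, now=40))    # inside the window
    print(limits.screen("client-a", 4_999, now=700))   # window has expired
```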
Payer Authentication (3-D Secure)
Payer authentication, also called Verified by Visa (VbV) and MasterCard SecureCode, is a cardholder authentication measure that secures online transactions for customers. This method allows cardholders to create a PIN (secure code) that can be used during checkout to confirm the user’s identity. By implementing this, merchants receive chargeback protection and lower interchange rates.
This is one of the most sought-after fraud prevention tools among businesses, and it also looks after their interests.
If you are shipping items overseas, you need to apply stricter controls to such orders. Pay more attention to orders made from countries considered to be “high-risk”. Customers in these countries have to call the company to verify their identities before their transactions are processed.
According to the Online Fraud Guide, some of the countries with the highest online fraud rates are Israel, Malaysia, Egypt, Pakistan, Ukraine, Russia, Bulgaria, Romania, Lithuania, Nigeria and Yugoslavia.