Everything you have to know about Payment Security

A Guide For Merchants

With growing numbers of eCommerce and m-commerce transactions, there are new opportunities for cyber criminals. As a merchant, you need to ensure that you provide the best payment security and that your customers don’t have to worry about their data. Are you sure payments on your website are processed in a secure way?

How do you provide secure online payments?

It’s your responsibility to have the purchasing process under control and reduce the risk of fraud at every step of checkout. Data thieves’ knowledge of how new technologies work is impressive. For that reason, reducing the vulnerable points of payment processing is a crucial part of every eCommerce business. You need to know the payment security solutions available to you.

SSL protocol

The first thing you need to do for your payment security is to ensure that your website is secure. Are you using the SSL protocol to encrypt information on your site?


SSL certificates show your website is protected and will grow your online reputation as well. All information, such as credit card details and other sensitive data, is protected. It also improves brand awareness and builds credibility with customers. SSL is symbolized by a padlock icon in the URL bar, and the web address begins with https. SSL comes with many benefits for your online business, so make sure you’re using it to protect your customers well.

PCI Compliance

You’ve probably heard about PCI Compliance if you process payments on your website or have looked into implementing online payments in the future. The Payment Card Industry Data Security Standard (PCI DSS) tells merchants how sensitive data used in payments should be secured. It requires data encryption to provide payments without using real card data that’s visible while processing. Note that PCI guidelines also consider tokenization in the future version.

Doing business should be based on trust and PCI compliance helps improve security. You need to do everything to decrease the risk of payment and data fraud that could damage your brand’s reputation.


Tokenization

Tokenization is the technology that makes it easier to improve payment security and provide a payment process without vulnerabilities. Tokenization makes customer authentication during the purchase possible without affecting the transaction’s security.

In short, a token is a random string of characters that replaces sensitive information, such as a 16-digit credit card number. The payment process involves sensitive data, so merchants need to understand where the vulnerabilities exist. With tokenization, the chances of a data breach are reduced. Even if a token number is stolen, it would be meaningless to the fraudsters.

As consumers demand more amazing digital experiences, the world of retail is in a transformative phase and recent data breaches have increasingly put the safety of the consumer on the Board agenda. This is further exacerbated by recent regulations such as the EU General Data Protection Regulation to the EU Payments Services Directive 2 (PSD 2). Indeed, PSD2, with a key focus on protecting consumers and opening up access to new providers in the payments ecosystem, will force us into better behaviours by increasing security and fraud prevention and notably by specifying stringent requirements in authentication and accountability for all players. And of course, we must not forget PCI DSS, where compliance requirements are now more risk-based than they have ever been (which is a good thing). This will require new approaches to ensure the integrity of the ecosystem (identity management, authentication technologies such as biometrics (even 3D Secure is getting a makeover!), adaptive fraud monitoring, threat intelligence, analytics, security, etc.), and I believe that fraud prevention and information security will converge more and more. I have been an advocate of this for many years, but don’t take my word for it: already, both Visa and MasterCard have made moves in that direction by combining fraud prevention and traditional threat intelligence…

Neira Jones, Advisory Board Member and Ambassador, Emerging Payments Association

3D Secure

Moreover, a payment solution with 3D Secure helps prevent fraud in online credit and debit card transactions. It gives extra protection to transactions and comes with many benefits. 3D Secure creates a secure password for the shopper’s credit card. Every transaction is then verified with the password, which adds an additional layer of security. It can decrease the number of fraudulent transactions and boost your revenue.

Address Verification Service

You can also use an Address Verification Service, which requires customers to provide the billing address associated with their credit card. When the address on the card matches the one in the bank’s documents, the transaction will go through.


Source: Global Study on the State of Payment Data Security

Many companies have a problem determining the location and storage of their payment data, but 42% of companies claim that payment data is at the greatest risk when it is stored. A Global Study on the State of Payment Data Security shows that over 50% of organizations had a breach involving payment data within the past two years.

How do you prevent fraud?

Merchants need to know that the number of vulnerabilities they face is constantly growing and they have to be prepared for fraudulent activities at any time. Make sure that you comply with the payment, security, and risk standards of the countries you operate in.

Payment fraud is now one of the biggest problems for online business owners. It has also become a challenge for companies that offer financial services. According to a LexisNexis® Risk Solutions report, merchants lost an average of 1.32% of revenue to fraud and its related costs. Fraud in the eCommerce world could happen anytime and anywhere, so it’s hard to eliminate it. Moreover, it’s costly and affects your credibility and your customers’ trust. Any false or illegal transaction is considered payment fraud. Cyber thieves usually steal someone’s money, personal property or sensitive data.

With the Internet of Things and wearables creating new concepts such as “Pay-By Fridge” or even “Pay-by-Car”, with Amazon bringing us the Dash Replenishment button for automatic re-ordering of goods and a new music streaming service based on their Echo device, and as the world goes even more mobile and digital, the challenges faced by merchants and their security and fraud professionals must not be underestimated. Indeed, the more and the faster we connect, digitise, innovate and share information, the more risks are introduced as criminals also connect, digitise, innovate and share information… As we increasingly go mobile and digital it is frightening to note that businesses haven’t kept up pace with criminals. Indeed, as more than a third of global online transactions are now mobile, it is frightening to see that most companies do nothing to protect their mobile apps (or indeed their APIs).

Neira Jones, Advisory Board Member and Ambassador, Emerging Payments Association

The worst thing about payment fraud is that it’s impossible to avoid. The 2016 Identity Fraud Study shows that in the past 6 years fraudsters have stolen 112 billion dollars. eCommerce and mobile commerce sites are getting more popular, so fraudsters look for new possibilities to steal important data. Fraudulent activities are carried out for personal gain and are frequently committed against consumers. They could be unauthorized transactions, fake requests for a refund, using the service without paying the due amount, etc. It’s a real threat to payment security.

Even though technology is developing rapidly, it’s still impossible to completely prevent fraud. But there are warning signs you can look out for to limit the number of fraudulent activities. The following are things you can do to minimize the risk of being hacked.

The first thing you need to do is monitor your orders before shipping them. Watch international orders closely as well. It could be time-consuming, but it will save you money. It’s also a good idea to require a signature upon delivery to ensure that the order is delivered and in good hands. Pay particular attention to late night and early morning orders, as that’s when fraudsters often make purchases.

You also want to pay attention to orders shipped to other countries. When merchants sell globally, they need to know that keeping a transaction secure could be more difficult. It’s related to the different payment methods and banking systems used in each country. What works in one country may not work in other regions.

There were 12% more fraud attempts in 2015 than the year before. It is expected that fraud will grow from $10 billion to $19 billion in online channels. Identity theft has become a real problem that’s had an impact on these statistics.


Percent tracking fraud costs and transactions by payment channel and method (2016), source: 2016 LexisNexis® True Cost of Fraud Study

Fraud detection can be costly and time-consuming, and it needs comprehensive knowledge. Fraudulent activities could be similar, but are rarely identical. That’s why it’s so hard to detect fraudulent transactions. And it’s impossible without highly-effective anti-fraud solutions. Consider finding the right fraud protection service or choosing a payment gateway with fraud management tools.

Even if you provide security for payments, fraudulent transactions can still occur. If that happens, you’ll need to take steps to solve the problem, such as preparing the documentation connected with the fraudulent order, etc.

What should you know about chargebacks?

Chargebacks usually come with fraud. Many companies face chargebacks related to fraudulent activities, and it’s their responsibility to avoid suspicious transactions and keep payment security at the highest level.

Chargebacks occur when customers dispute a charge on their bill. The reasons for chargebacks include an account being accidentally charged twice or a transaction being charged for a different amount than displayed on the site. Chargebacks also happen when the ordered product isn’t delivered or a customer is not satisfied with the item or service. But in most cases, it’s related to stolen credit card data.

When the cardholder requests a chargeback, the issuing bank begins the procedure. They contact the acquiring bank which tells the merchant about the chargeback request (see more in the guide to chargebacks).

Chargebacks are always costly for merchants, and if the bank claims that a customer is right, the merchant will lose the sale and have to pay the chargeback fee. You can limit the number of chargebacks, but it’s impossible to eliminate them completely. One of the most important things to do is to update your website and fix errors regularly.

How do you minimize the payment risk?

Payment risk is the risk of loss due to some “payment events”. Many companies, especially ones that handle a high volume of online payments, have been forced to drive their payment risk management strategies to avoid difficulties and harsh consequences. Keep in mind that every payment method involves risk, which could be fraud risk or operational risk (when the financial loss is due to human or technical errors).

It’s important to monitor your payments to predict the possibility of the risk. But if you make a wrong decision, it could be costly. Sometimes it’s better to let a specialized company manage the payment risk on your behalf. You can also choose a payment gateway with fraud prevention tools to manage the risk.

Knowing the risk helps you to reduce the likelihood it will occur. You need to consider what the potential threats are, how quickly they can be detected, and how much they could cost.

How do you limit financial losses?

Now that you know what the risk is and how it can affect your business, it’s time to take precautions to limit fraudulent situations and chargebacks. Take the following steps to make your payments safe and minimize the number of chargebacks.

  • Verify customers with the card-issuing bank.
  • Use payer authentication.
  • Provide updated product or service descriptions.
  • Make sure your payment descriptor reflects the brand that the customer is buying from (it could be your store’s name for instance).
  • Include your phone number on the descriptor. The customer is then more likely to call you first before contacting the bank.
  • Send confirmation emails to customers with all transaction details and keep them informed of the transaction status.
  • Provide shipping details with tracking information.
  • Make the refund policy clear.
  • Keep all information regarding past fraudulent activities to recognize which transaction might be considered risky.
  • Analyze trends.
  • React instantly.

Sometimes you can predict fraudulent activities, and if you watch closely, it’s possible to reduce the fraud. Keep in mind that in such a digital era fraudulent activities are almost impossible to stop. See what you can do to limit the fraud attempts.

You need to understand that suspicious activities can damage your company’s reputation and could cost you much more than just money. Of course, every payment method involves risk, but it’s your responsibility to manage the payment risk to avoid fraudulent situations (and even bankruptcy). To be honest, there is no space for any mistakes and wrong decisions. In all, the success of online payments and payment security depends on the ability to control the risk.

How could blacklisting help?

Every reputable online business feels responsible for protecting its customers from fraud. eCommerce owners and online companies are always on the lookout for more secure ways to make online transactions, which includes detecting and blacklisting hackers as well as scammers. Blacklisting is a helpful solution when acting against identity theft and online financial fraud.

With blacklisting, suspicious tendencies of untrustworthy customers are tracked and recorded. This is possible by filtering customers by region, IP address, credit card and address. All data is monitored and investigated. When there is a match with details of a blacklisted customer, the transaction won’t be completed. This method helps keep your system clean and safe.
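An added Python example (not code from this guide or from any fraud product) that combines the blacklist match on region, IP address, credit card and address with the warning signs listed earlier, international and late-night orders. The field names, the 23:00 to 06:00 window, the `GB` home country and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime

FP_KEY = b"constructed-demo-key"  # assumption: a secret stored apart from order data

def card_fingerprint(pan: str) -> str:
    """Keyed hash, so the blacklist never has to store a card number."""
    return hmac.new(FP_KEY, pan.encode(), hashlib.sha256).hexdigest()

def norm_address(addr: str) -> str:
    """Case, comma and spacing differences must not defeat the match."""
    return " ".join(addr.lower().replace(",", " ").split())

# Constructed blacklist: documentation IP range, published test card number.
BLACKLIST = {
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
    "cards": {card_fingerprint("4111111111111111")},
    "addresses": {norm_address("1 Example Street, Springfield")},
    "regions": {"XX"},  # placeholder region code
}

def screen_order(order: dict, home_country: str = "GB") -> tuple:
    """'block' on any blacklist match, 'review' on a warning sign, else 'accept'."""
    hits = []
    ip = ipaddress.ip_address(order["ip"])
    if any(ip in net for net in BLACKLIST["networks"]):
        hits.append("ip")
    if order["card_fp"] in BLACKLIST["cards"]:
        hits.append("card")
    if norm_address(order["ship_address"]) in BLACKLIST["addresses"]:
        hits.append("address")
    if order["ship_country"] in BLACKLIST["regions"]:
        hits.append("region")
    if hits:
        return "block", hits
    flags = []
    if order["ship_country"] != home_country:
        flags.append("international")
    hour = datetime.fromisoformat(order["placed_at"]).hour  # merchant-local time
    if hour >= 23 or hour < 6:  # assumed late-night / early-morning window
        flags.append("late-night")
    return ("review", flags) if flags else ("accept", [])

SAMPLE_ORDER = {  # constructed order for demonstration
    "ip": "198.51.100.7", "card_fp": card_fingerprint("5555555555554444"),
    "ship_address": "22 Sample Road, London", "ship_country": "GB",
    "placed_at": "2024-03-02T14:30:00",
}
```

Orders that come back as `review` go to the manual check before shipping; only a blacklist match stops the transaction outright.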

Are you ready to give your payments the highest level of security?

It’s the right time to get involved in cyber security. Today’s online users are becoming more aware of security issues. They want to know what happens to their data and how it is secured. Even the most innovative technology has weaknesses that others discover, so you can’t ever be 100% sure that your payments are safe. Basically, if you don’t watch for it, someone could hack the system you use.

Consumer adoption will be key: those organisations able to contribute to the enhanced payment security with that have a thorough understanding of their consumers’ behaviours and preferences that are able to provide them with solutions that are not only usable but safe and secure, will be the winners.

Neira Jones, Advisory Board Member and Ambassador, Emerging Payments Association

It takes a lot of effort and energy to keep payments secure, but you should always monitor and analyze all data to ensure there aren’t any open gaps. Watch closely for any type of threat, attack or suspicious activity.
