4 Important Online Payment Protection Tips
According to figures, global e-commerce sales are expected to top $4.2 trillion USD in 2020 and reach more than $6.5 trillion by 2023. Additionally, more than 2.1 billion shoppers are expected to purchase goods and services online by 2021. This rapid growth, however, brings a rise in fraud. Last year, the transactional value of attempted fraud was up 13% year on year. This means retailers and consumers need to be more vigilant than ever before.
How to understand suspicious purchase activity
Unfortunately, fraud in e-commerce happens when a scammer makes an unauthorized transaction via an online store using the details of a stolen or fake credit card. This means that you, the merchant, are left without legal payment for the products or services and will have to charge money back to the customer whose card details were compromised.
To make sure you are protected, every merchant and bank should be aware of the latest trends in fraud detection and the most common types of online fraud. Below are the most common suspicious activities which would normally flag a fraudulent purchase:
This suggests that a single fraudster is using multiple credit cards which could be stolen or purchased illegally via the dark web.
This is one of the most common types of fraud. A fraudster carries out an online purchase using a different identity. This enables them to order items under a false name and use someone else’s credit card online.
When unusually large orders are placed, especially by a first-time customer, alarm bells should sound. This is because once a fraudster has trialled a stolen card with success, they move fast and steal as much and as quickly as possible.
When you receive a request for fast shipping, this too should be investigated. Question it. Be wary of rush orders and postage demands. Again, it may mean a criminal wants to move quickly!
It is worth remembering that a single suspicious activity on its own is not always fraud. Act cautiously and, as already mentioned, be aware of the latest trends.
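The signals above can be combined so that a single one does not block an order but several together send it for manual review. The following is an added example, not code from the original page or from Opayo; the field names, thresholds, the `source` grouping key and the sample orders are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Order:
    order_id: str
    source: str      # assumed grouping key: account, device or IP address
    card_token: str  # token standing in for the card, never the card number
    cardholder: str
    recipient: str
    amount: float
    first_time: bool
    rush: bool

LARGE_ORDER = 1000.00  # assumed threshold; tune to your own order history
MAX_CARDS = 2          # assumed: more distinct cards per source is unusual

def assess(orders):
    """Return {order_id: (action, signals)} for a batch of orders."""
    cards = defaultdict(set)
    for o in orders:
        cards[o.source].add(o.card_token)
    out = {}
    for o in orders:
        signals = []
        if len(cards[o.source]) > MAX_CARDS:
            signals.append("multiple_cards")
        if o.cardholder.strip().lower() != o.recipient.strip().lower():
            signals.append("identity_mismatch")
        if o.first_time and o.amount >= LARGE_ORDER:
            signals.append("large_first_order")
        if o.rush:
            signals.append("rush_shipping")
        # One signal alone is not treated as fraud; two or more go to a person.
        action = "accept" if not signals else "monitor" if len(signals) == 1 else "review"
        out[o.order_id] = (action, signals)
    return out

# Constructed sample orders (not real data).
ORDERS = [
    Order("A1", "acct-1", "tok-aa", "Ann Lee", "Ann Lee", 40.0, False, True),
    Order("B1", "acct-2", "tok-b1", "Raj Patel", "J Smith", 25.0, True, False),
    Order("B2", "acct-2", "tok-b2", "Mia Chen", "J Smith", 30.0, True, False),
    Order("B3", "acct-2", "tok-b3", "Tom Diaz", "J Smith", 1800.0, True, True),
    Order("C1", "acct-3", "tok-cc", "Eve Ross", "Eve Ross", 1500.0, True, False),
    Order("D1", "acct-4", "tok-dd", "Sam Roy", "Sam Roy", 60.0, False, False),
]

if __name__ == "__main__":
    for oid, (action, signals) in assess(ORDERS).items():
        print(oid, action, signals)
```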
Enabling Address Verification Systems (AVS)
Essentially, an Address Verification System (AVS) is a fraud protection tool. It’s an automated program that’s used to compare the billing address used in ‘credit card not present’ transactions against the information the card company has on file. AVS can verify automatically if a transaction on a card is fraudulent. It’s important to note, however, that the scammer may have access to stolen information such as the victim’s name and address, so a matching address on its own does not prove that a purchase is genuine.
How do Address Verification Systems work?
When paying for a product or service online, the consumer enters their address.
The address is then compared to the address on file with the issuing bank.
Once these are compared, an AVS code is returned from the issuing bank to the merchant. This code is then used as a guide to determine how to proceed with the transaction.
Address Verification Systems are used as part of a fraud protection system to ensure valid transactions are approved and suspicious ones are declined. AVS is commonly used with CVV or CVV2 verification (where a consumer is asked to enter the 3 or 4 digit code on the back of a card).
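A merchant-side sketch of the flow described above, using the returned AVS code together with the CVV result as a guide to approve, review or decline. This is an added example, not code from the original page or from Opayo. The single-letter codes are an illustrative subset of commonly documented AVS responses; exact codes and meanings vary by card scheme and processor, and the review threshold and sample responses are assumptions.

```python
# Illustrative subset of AVS response codes: (street matches, postal code matches).
# Assumption: confirm the exact codes against your processor's documentation.
AVS_MATCH = {
    "Y": (True, True),    # street address and postal code both match
    "A": (True, False),   # street address matches, postal code does not
    "Z": (False, True),   # postal code matches, street address does not
    "N": (False, False),  # neither matches
}
AVS_NO_RESULT = {"U", "R", "S"}  # unavailable / retry later / not supported

def decide(avs_code, cvv_matched, amount, review_threshold=500.0):
    """Return (action, reason); the AVS code is a guide, not proof."""
    code = avs_code.strip().upper()
    if not cvv_matched:
        return ("decline", "security code did not match")
    if code in AVS_NO_RESULT:
        return ("review", "issuer returned no address result")
    if code not in AVS_MATCH:
        return ("review", "unrecognised AVS code")  # fail safe on unknown codes
    street_ok, postal_ok = AVS_MATCH[code]
    if street_ok and postal_ok:
        # A full match can still be fraud if the address itself was stolen,
        # so other fraud checks still apply to approved transactions.
        return ("approve", "address and postal code match")
    if not street_ok and not postal_ok:
        return ("decline", "address and postal code both mismatch")
    if amount >= review_threshold:
        return ("review", "partial address match on a high-value order")
    return ("approve", "partial address match on a low-value order")

# Constructed sample responses (not real data): (AVS code, CVV matched, amount).
SAMPLES = [("Y", True, 80.0), ("Z", True, 900.0), ("A", True, 20.0),
           ("N", True, 35.0), ("U", True, 35.0), ("Y", False, 35.0)]

if __name__ == "__main__":
    for avs, cvv, amount in SAMPLES:
        print(avs, cvv, amount, decide(avs, cvv, amount))
```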
Achieving PCI DSS Compliance
Payment Card Industry Data Security Standards (PCI DSS) are a set of guidelines set out by the PCI Standards Council. They are in place to make sure merchants handle their customers’ credit card information securely, to help reduce the possibility of sensitive data being stolen.
It is vitally important that a business is PCI DSS compliant in order to protect consumers from fraud and keep their information safe and secure. Data breaches do happen frequently and, unfortunately, e-commerce sites are a prime target for hackers.
According to the 2019 Cost of a Data Breach Report, the average cost of a data breach globally was 3.92 million USD. A merchant must comply with these guidelines, otherwise they run the risk of substantial fines and losing customers. If data is suspected to have been compromised, a PCI Forensic Investigator (PFI) will be enlisted to work out the source of the breach to ensure any compliance gaps are closed. This can run into tens to hundreds of thousands of pounds in fines for the merchant.
The six main requirements are:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
For further information about PCI DSS and being compliant, see our “What is PCI?” page.
In order to comply with the above PCI DSS requirements and standards, it’s vital you choose a reputable payment service provider (PSP). A PSP effectively removes the capturing, processing, storage and transmission of card data from your e-commerce environment, meaning a data breach is less likely to take place. Strong PSPs will have automated tools to help fight against credit card fraud, with the ability to identify and stop suspicious transactions.
A reputable PSP will also provide relevant guidance and support to a business in order for it to run smoothly and safely and help it grow.
For guidance on how Opayo can help to protect your business and your customers’ payments online, contact our team today to discuss how you could implement tokenization, make use of our PCI DSS compliance, and find out more about our other security and fraud prevention services.