Top 3 payment security measures you need to expand online sales
To attract today’s tech-savvy shoppers, you should consider online sales for expanding your customer base and boosting your revenue. eCommerce continues to grow each year—and there’s no sign this growth will be slowing down any time soon. Get in on this business growth potential by allowing your customers to purchase your goods or services online. At the same time, you need to be aware of the new security issues and risks that come with doing business online.
Security should always be the first priority when selling online. Customers are more and more wary of data breaches, and will quickly stop buying from businesses that have had their payment systems compromised. A recent study reported that 60 percent of consumers say merchant websites don’t do enough to protect sensitive information, and 60 percent of consumers are not confident with retail security overall. 1 What’s more, with the U.S. implementation of EMV chip cards in brick-and-mortar locations, online stores are growing targets for fraud. When EMV was implemented across Europe some years back, card-not-present (CNP) fraud notably increased. In fact, within the first three years of the use of EMV chip cards in Europe, CNP fraud increased by nearly 80 percent. 2 To prevent a similar trend from occurring in the U.S., retailers need to be ever more vigilant about security and their eCommerce payments and operations.
When setting up an online store for your business, consider these three major security measures you should be taking:
1 Partner with a processor who knows online payments
Choosing the right payments processor is the first step to safely and securely accepting credit cards online. Select a payment processing partner that puts security first and is highly experienced in helping merchants comply with Payments Card Industry Data Security Standards (PCI DSS). PCI DSS are an important set of guidelines that apply to any entity—from the merchant to the payments processor to the banks—that receives, transmits or stores sensitive card data. When you work with a reputable payments processor that prioritizes security, you can breathe easier that your and your customers’ data are secure.
An experienced partner offers you comprehensive support on meeting and maintaining PCI compliance through system vulnerability checks, training programs and customer support. Some processors even reimburse your company for monetary losses in the unfortunate event that a breach occurs. Achieving and maintaining PCI compliance takes a lot of work, so it’s important to have a partner who understands the ins and outs of payments security.
2 Be watchful for suspicious purchasing activity
As an online merchant, you should be aware of the various types of suspicious activity that raise the red flag of potential fraud. For example, you should be on alert if your online store receives several orders from a single IP address, but using several different credit cards. This pattern could indicate that a single fraudster is using multiple stolen credit cards to make purchases from your business.
Remarkably large orders—especially when the purchaser requests next-day shipping—should also raise a red flag. Such a large purchase, shipped as soon as possible, could be a sign that the purchaser wants to receive the order as quickly as possible before the card theft is discovered and halted. But, again, this activity alone does not definitively identify a transaction as fraud. Use additional fraud tools to help determine is such a transaction is legitimate. Another sign of potential fraud is a customer email address that is merely a string of numbers and letters. Real customers are much more likely to have email addresses that incorporate real names and words.
3 Require address verification system (AVS) for all sales
It’s just the cold, hard truth: it’s easier for fraudsters to be successful online than in traditional brick-and-mortar locations. In an eCommerce store, it is much more difficult for the merchant to know whether or not the person making the purchase is truly the cardholder. In order to help prevent fraud, you should always use an address verification system (AVS) in your online store. This system checks whether the billing address is correct by verifying it against the cardholder’s data from the issuing bank. Often, a fraudster attempting to use a stolen card or card number doesn’t have access to the billing address. When he or she attempts to make a purchase and inputs the wrong billing address, an AVS-enabled system will immediately alert you. 3 It’s important to note that just having an incorrect billing address may not necessarily mean the transaction is fraudulent, so it’s important to take additional security measures to ascertain the identity of the shopper.
AVS systems are often used in conjunction with CVV2 verification, which refers to the 3- or 4-digit number, usually found on the back of the card on the signature panel. Just like with the billing address, fraudsters are fairly unlikely to have the CVV2 code for a stolen card. Requiring both CVV2 and AVS provides you with peace of mind knowing that your systems are set up to protect against fraudulent transactions.
Additionally, consider investing in security technology that will quickly alert you and your staff to activity that could signal fraudulent activity. Some online payments platforms do this automatically, so check with your payments processor to see what they offer.
Keeping vigilance over the security of your online payments systems and eCommerce store is a continual process. Use the three tips above as a starting place; consult with your payments processor or other industry expert to ensure you are taking all of the necessary precautions. A reputable and experienced credit card processing partner can help you make sure you are taking all the important steps to protect your customers, your business and your reputation.