As an e-commerce merchant, you can never be too careful when it comes to processing payments online. When consumers buy goods or services from your website, they trust that their personal cardholder information will be safe in your hands. But because fraudsters find new techniques for scamming merchants and cardholders every day, it's important to maintain a strict risk management system. The following are four easy ways to protect consumer credit card information.
1. Use a PCI-compliant payment gateway. Founded in 2006 by five of the top credit card associations, including Visa and MasterCard, the Payment Card Industry Security Standards Council (PCI SSC) created a set of 12 requirements. These requirements, known as the Data Security Standards (or DSS), protect cardholder data from credit card fraud. The Council requires all organizations that handle cardholder data to meet and maintain these requirements at all times.
Whether you operate a business in a low-risk or high-risk industry, accepting online payments is impossible without a payment gateway--a software application accessible through the Internet that allows merchants to process and manage their business' transactions. A PCI-compliant payment gateway will send your customers' payment information to the debit or credit card issuing bank for approval in a secure, encrypted message.
2. Offer 3-D Secure processing. Created by Visa as an additional layer of security for online shoppers, 3-D Secure helps confirm online debit and credit card transactions. Depending on the credit card association, this feature is more commonly known as Verified by Visa, MasterCard SecureCode, American Express SafeKey, or JCB International J/Secure. Merchants who want to process using 3-D Secure must request a special merchant account from their payment processor. Using Verified by Visa as an example, here's how it works:
- The cardholder activates the Verified by Visa feature on his credit card. He purchases goods or services from your online store, enters his payment information, and the Verified by Visa password he created for his card.
- The Visa Directory server receives the request from your server, and validates the credit card number. The Directory forwards the request to the Issuer access control server (ACS) to validate the credit card number.
- Your server receives a message from the ACS saying whether it can authenticate the payment request.
3. Use SSL Certificates. Installing an SSL (Secure Sockets Layer) Certificate on your server validates your online store as trustworthy. When a customer visits your website, your server establishes a secure, encrypted connection with their browser. Visitors will feel safe purchasing from you when they see that your URL begins with HTTPS--Hypertext Transfer Protocol Secure. Green or blue text means the SSL Certificate is working properly, and red text means it isn't. A padlock will appear somewhere on the visitor's browser, usually by the URL box. Clicking on the padlock will reveal the details of your SSL Certificate. Consumers can check out through your website, knowing that their credit card information is safe from harm.
4. Call to confirm purchases. If you use your payment gateway to screen new orders, then you can use common sense to spot fraudulent transactions. Calling to confirm orders will show your customers that you take fraud prevention seriously. If you get a wrong or disconnected number, cancel the order. Also, some fraudsters aren't as smart as they think, and enter the real cardholder's telephone number when placing an order online. In situations like this, you're preventing a fraudulent transaction and making the real cardholder aware that someone stole their information.
Instabill is an online payment processor specializing in high risk merchant accounts.