As credit cards become more secure for in-person use through technology such as EMV, some scammers and fraudsters turn to the Internet to continue using cards for unauthorized purchases.
With some reports indicating that online fraud attempts increased by as much as 30 percent in 2015, every E-commerce business should utilize anti-fraud tools (like Address Verification System and CVV codes) for a first line of defense against scammers.
You don’t have to stop there, though. In fact, if you do a lot of business online, sell high dollar-value items, or just want to make sure you’re protected, here are some advanced anti-fraud tools you can implement when taking credit cards online.
Related Article: Front-End Fraud Protection: Can You Have Too Much?
Your processor may implement this tool automatically if they offer it, but it’s worth asking. Tokenization is the process of replacing sensitive information (like card numbers) with a “token” that is meaningless outside of that one transaction. Even if a hacker intercepts the information, it’s useless to them, unlike intercepting a credit card number.
Tokenization is one step further than encryption, a security feature that scrambles sensitive data as opposed to transmitting it as-is, or readable without any decoding (often referred to as “clear text.”) Encrypted data must be “decrypted” before use.
Generally speaking, transactions and other sensitive data should be encrypted at the minimum and tokenized if possible, to provide security to both you and your customers. Some processing companies offer encryption or tokenization as part of a larger security package, which may or may not have an additional cost. Be sure to check with your processor for more details.
IP Filtering and Country Blocks
Some E-commerce platforms have IP filtering options built in, allowing you to easily manage IP addresses or the “address” of a computer. With IP filtering, you can block specific addresses from accessing your site or placing orders, so if you know a particular IP has placed (or tried to place) an order, you can prevent them from doing it again.
Additionally, you may be able to choose to block traffic from specific countries, which can be helpful both in preventing overseas fraud and in saving time if you can’t serve customers in those countries anyway.
The downside to IP filtering is that it’s not foolproof, fraudsters who are good with computers can usually get around IP filtering or spoof an IP address to gain access. However, for scammers looking for a quick job, it may put them off, protecting you and sending them to look for easier targets.
Related Article: Protecting Your Payments: Tips For Fraud Management
3D Secure Technology
MasterCard and Visa both offer 3D Secure solutions, called MasterCard SecureCode and Verified by Visa. These two options can decrease the likelihood of fraudulent online transactions, but may also put off some legitimate shoppers. It’s up to you to weigh the pros and cons to decide if they’re a good addition to your security toolkit.
How It Works
3D Secure works by requiring a passcode at the time of purchase. The passcode is not the CVV or another number on the physical credit card but is a code that cardholders create themselves, much like any other password for email or online banking. The cardholder only needs to create the passcode once and then can use it anytime they shop with a 3D Secure-enabled business.
MasterCard and Visa strongly encourage consumers to keep their 3D Secure passwords to themselves, as sharing it will allow anyone with that code to successfully complete the 3D Secure check. You can use 3D Secure in addition to standard fraud tools like Address Verification and Card Verification Value to add another layer of protection at checkout.
Both MasterCard and Visa indicate that businesses using 3D Secure may have less liability in the event of a chargeback, which can save money if a fraudulent transaction does come through. Additionally, 3D Secure may help prevent fraudulent transactions from happening in the first place, reducing the need for customers to issue chargebacks.
Unlike some other tools, 3D Secure may also help limit your responsibility in cases of “friendly fraud” (fraud where an authorized user claims their card was used fraudulently) as the card brands consider transactions that pass 3D Secure to have gone through a higher level of scrutiny.
Another pro is that there is usually little or no cost to utilize 3D Secure. The card brands themselves don’t charge for it, but your processor may impose a setup charge or other small fee, so be sure to ask.
Related Article: Calling All Clicks: 3 Ways to Keep Click Fraud Away
The drawback to 3D Secure is that it adds another step to the checkout process, which may increase your order abandonment rate, especially if you already have an involved checkout process. Additionally, 3D Secure opens a popup window for customers to enter their passcode, which some customers may distrust and close without completing it.
If you decide to implement 3D Secure, you should contact your processor to find out what specific steps you’ll need to take, as well as any plugins or updates to your website that you may need. You can also check out the Verified by Visa Merchant Implementation Guide on Visa’s website.
These days, it’s more important than ever to make use of anti-fraud tools. The options available from credit card processors and third party companies make it easier, allowing you to tailor the tools to your needs and create a solution that’s right for your business.