How Payment Gateways Protect Against Online Fraud


E-commerce involves “card not present” (CNP) transactions, which are transactions where the cardholder cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. Fraudsters target online businesses to take advantage of CNP transactions to make payments with stolen credit cards or to commit identity theft.


Image Source: CyberSource

To help businesses protect themselves and their customers from online fraud, the Payment Card Industry Security Standards Council (PCI SSC) — a forum of global brands including Visa, MasterCard and American Express — has developed a set of best practices to safeguard consumer data.

Complying with these standards, i.e. PCI compliance, is not optional for online retailers and is strictly enforced.

Address Verification Service (AVS)

When customers purchase items, they need to provide their billing address and ZIP code. An AVS will check if this address matches what the card-issuing bank has on file. The payment gateway can send a request for user verification to the issuing bank.

The AVS responds with a code that will help the merchant understand if the transaction has a full AVS match. With this service, merchants can automatically screen and process transactions in real-time, empowering them to act immediately, if need be, to manage possible CNP fraud.

If they don’t match, the merchant should investigate further by checking the CVV (Card Verification Value), email address and IP address on the transaction, or decline the transaction.

Card Verification Code (CVC)

The CVC (or Card Verification Code) is the 3 or 4-digit security code that is on every credit card. PCI rules prevent merchants from storing the CVC along with the credit card number and card owner’s name, so it is virtually impossible for e-commerce fraudsters to obtain it unless they’ve stolen the physical credit card. If an order is placed on your website and the CVC does not match, you should decline the transaction.
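The AVS and CVC screening rules described above, as an added example that is not First Atlantic Commerce's code. It assumes the single-letter result codes commonly returned by card networks; your gateway's code set may differ, and the rule that declines when AVS fails and the CVC was not verified is an assumed merchant policy.

```python
from dataclasses import dataclass

# Commonly used single-letter result codes (assumption: your gateway may
# return a different set; check its documentation before relying on these).
AVS_FULL = {"X", "Y"}                   # street address and ZIP both match
AVS_PARTIAL = {"A", "W", "Z"}           # only the address or only the ZIP matches
AVS_NONE = {"N"}                        # neither matches
AVS_UNAVAILABLE = {"G", "R", "S", "U"}  # issuer could not perform the check

CVC_MATCH, CVC_NO_MATCH = "M", "N"


@dataclass
class Decision:
    action: str    # "approve", "review" or "decline"
    reasons: list  # why the order was not approved outright


def screen(avs_code: str, cvc_code: str) -> Decision:
    """Turn the issuer's AVS and CVC result codes into a merchant action."""
    avs, cvc = avs_code.strip().upper(), cvc_code.strip().upper()
    reasons = []

    # The page's rule: a CVC that does not match means decline.
    if cvc == CVC_NO_MATCH:
        return Decision("decline", ["cvc_mismatch"])
    if cvc != CVC_MATCH:
        reasons.append("cvc_not_verified")

    if avs in AVS_NONE:
        reasons.append("avs_no_match")
    elif avs in AVS_PARTIAL:
        reasons.append("avs_partial_match")
    elif avs in AVS_UNAVAILABLE:
        reasons.append("avs_unavailable")
    elif avs not in AVS_FULL:
        reasons.append("avs_unknown_code")  # never treat an unknown code as a match

    # Assumed policy: no AVS match and no verified CVC ties nothing to the card.
    if "avs_no_match" in reasons and "cvc_not_verified" in reasons:
        return Decision("decline", reasons)
    # Anything short of a full match goes to manual checks (email, IP address).
    return Decision("review" if reasons else "approve", reasons)


# Constructed sample results: (order id, AVS code, CVC code)
SAMPLE = [("o-1", "Y", "M"), ("o-2", "Z", "M"), ("o-3", "N", "P"), ("o-4", "Y", "N")]
RESULTS = {oid: screen(a, c).action for oid, a, c in SAMPLE}
```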

Payer Authentication (3-D Secure 2.X)

3D Secure 2 is an industry authentication protocol that provides the default mechanism to perform strong (two-factor) authentication. It aims to reduce fraud and enhance security in online card payments. The protocol was introduced as an enhanced version of the old 3DS protocol and introduced a more frictionless payment flow across different devices.

3D Secure 2 analyses over 100 key data points, including the merchant’s contextual data, acting as an advanced layer of fraud protection. The cardholder enters their card details at checkout. At this point, the merchant’s 3D Secure service provider sends an authentication request with rich data to the issuer. Depending on regional or market law restrictions, this data includes a varying amount of cardholder and device information, such as device ID, MAC address, geo-location, previous transactions and more.

Then, the issuer’s 3D Secure service provider assesses the transaction risk. If the transaction is determined as high-risk, the transaction goes through a challenge. In other words, it prompts the cardholder to verify their identity using biometrics, and/or two-factor authentication, i.e. a one-time password, a fingerprint etc. If the transaction is deemed as low-risk, no further action is required on the cardholder’s end. The issuer sends the authentication result to the merchant, who in turn submits the transaction for authorisation with a flag indicating the authentication result.

Kount

Kount, an Equifax company, delivers an all-in-one fraud and risk management solution for companies that have card-not-present environments looking to simplify their fraud/risk operations while dramatically improving bottom line results.

Kount provides a single, turnkey fraud solution that is easy-to-implement and easy-to-use. Kount’s proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world’s best-known brands.

Kount is integrated into our platform so you can access these powerful risk mitigation services via one interface to us along with all of our payment solutions.


All of FAC’s e-commerce fraud and risk management solutions are available to merchants, banks and gateways, independent of card transaction/authorization. Contact us to learn more.
