With more customers shopping online, it's important to make sure your method of offering payments is safe and secure.
In this guide, Bira's card payments provider Global Payments explains how to protect your customers from fraud.
More people are shopping online than ever before. And where the money goes, so do cyber thieves, leaving consumers questioning whether their personal and financial information is truly safe.
Data breach costs rose from $3.86 million to $4.24 million worldwide in 2021, according to IBM's Cost of Data Breach Report, the highest average total cost in the 17-year history of this report.
At the same time, retailers are at risk for significant losses due to fraud. One estimate is that fraudulent online activities like identity theft, chargeback fraud, and account takeovers will have cost retailers more than $20 billion in 2021.
For the online retailer, this means you, and your payment provider, have to implement best-in-class security to give your customers complete confidence in your ecommerce business. Here is a two-phase approach we suggest to aid your business with fraud prevention.
Phase 1: Strengthen your security
To strengthen fraud prevention, we've identified four areas to help improve security and save your business money in the long run.
Determine your PCI compliance strategy
One of the most important decisions you'll make when considering your payment strategy is hosting payment processing yourself or outsourcing it to a third party. This decision will directly impact your level of responsibility in managing PCI compliance.
● With the self-hosted model, you take full responsibility for managing all PCI compliance, including an annual card security assessment. Depending on your size, you will also likely need to hire a Qualified Security Assessor (QSA) to validate that you are PCI compliant.
● With the fully hosted model, you shift much of the burden of card security compliance to a PCI-compliant third-party processor to manage most of your payment processing needs. The fully hosted model allows you to reduce your PCI compliance burden as the payment processor will be responsible for protecting all cardholder data in its possession. Because this is the focus of their business, they're able to invest in the technology and processes required to keep your customer data secure.
Take advantage of tokenization
Tokenization allows you to replace sensitive data such as primary account numbers (PAN) and customer information with tokens that shield access to a customer's payment data. As a result, your customers' data stays safe because your business can only interact with the tokenized version of that information. In addition, tokenization is irreversible: once the data is tokenized, it cannot be reverted to its original state, reducing the ability of cybercriminals to steal customer payment data.
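The split described above, as an added sketch that is not Global Payments' code or API: the processor's vault is the only place the card number lives, and the retailer's records hold a random token plus the last four digits. The class names, the `tok_` prefix and the audit check are assumptions made for illustration.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: a widely used test number

def luhn_valid(number: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_pan(value: str) -> bool:
    ok_shape = value.isascii() and value.isdigit() and 13 <= len(value) <= 19
    return ok_shape and luhn_valid(value)

class ProcessorVault:
    """Stand-in for the payment processor, the only party that keeps the PAN."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> dict:
        if not looks_like_pan(pan):
            raise ValueError("not a valid card number")
        # A random token has no mathematical link to the PAN, so it cannot be reversed.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:]}

    def charge(self, token: str, amount_pence: int) -> bool:
        # Only the vault can resolve a token to a card.
        return token in self._pan_by_token and amount_pence > 0

class MerchantStore:
    """The retailer's own records: token and display digits only."""
    def __init__(self):
        self.cards = {}

    def save_card(self, customer_id: str, tokenized: dict) -> None:
        self.cards[customer_id] = dict(tokenized)

    def contains_pan(self) -> bool:
        # Audit check: flag any stored value that looks like a full card number.
        return any(looks_like_pan(v) for rec in self.cards.values() for v in rec.values())

def demo():
    vault, store = ProcessorVault(), MerchantStore()
    store.save_card("cust-1", vault.tokenize(TEST_PAN))
    record = store.cards["cust-1"]
    return record, store.contains_pan(), vault.charge(record["token"], 1999)
```

The same `contains_pan` style of check can be pointed at logs or exports to confirm that only tokens, never full card numbers, reach the retailer's systems.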
Enable 3D Secure
3D Secure (3DS) is the umbrella name for the payment networks' online authentication solutions.
These include:
● Visa Secure
● Mastercard Identity Check
● American Express Safekey
● J/Secure for JCB
● ProtectBuy for Discover and Diners International
It's an authentication protocol designed to reduce fraud, increase customer security, and decrease merchant liability for chargebacks. Our advanced version of 3D Secure—3D Secure 2 (3DS2)—gives your customers a seamless ecommerce experience without compromising on security. Not only does 3DS2 use biometrics and other methods for quick, smooth authentication on any device, but it's also the only card authentication method that meets European Strong Customer Authentication (SCA) regulations.
Offer multi-factor authentication
Account takeovers leapt 282% for ecommerce businesses during the pandemic, as fraudsters attempted to leverage weak or stolen passwords to steal payment data or make fraudulent orders. By incorporating multi-factor authentication (MFA), you can give customers the ability to enable an extra layer of security that is independent of their password.
When a customer enters their password to complete an online transaction, for example, they will get the option to have a one-time code sent via text or email. If the customer transaction is legitimate, the customer will likely have their phone and can enter the code provided with no problem. However, if it's a fraudster trying to log in with a stolen password, they likely won't have access to the phone and would be out of luck.
MFA requires at least two forms of authentication, each from a separate category. Those include:
● Something you know (knowledge), such as a password or PIN.
● Something you have (possession), such as a phone or credit card.
● Something you are (inherence), such as a retina scan or fingerprint.
Other authentication methods include answers to secret questions (knowledge), a token or key fob (possession), or biometrics like voice or facial recognition (inherence).
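The one-time code step described above, as an added server-side sketch that is not code from Global Payments or Bira. It shows the properties that make the code a real second factor: it is generated from a secure random source, expires, works once, and is discarded after repeated wrong guesses. The five-minute lifetime, three-attempt limit and class name are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3         # assumption: wrong guesses allowed before the code is discarded

class OneTimeCodes:
    """Issues and checks the one-time code sent to the customer's phone or email."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side key for the stored MAC
        self._pending = {}                    # account -> [mac, expires_at, attempts_left]

    def _mac(self, account: str, code: str) -> bytes:
        # Keep a keyed MAC rather than the code, bound to the account it was issued for.
        return hmac.new(self._key, f"{account}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, account: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"   # six digits from a CSPRNG
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [self._mac(account, code), expires_at, MAX_ATTEMPTS]
        return code   # passed to the SMS or email sender, never shown on the login page

    def verify(self, account: str, submitted: str) -> bool:
        entry = self._pending.get(account)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[account]             # expired codes are dropped
            return False
        ok = hmac.compare_digest(mac, self._mac(account, submitted))  # constant-time
        if ok or attempts_left <= 1:
            del self._pending[account]             # single use, or guess limit reached
        else:
            entry[2] = attempts_left - 1
        return ok
```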
Phase 2: Promote your security to your customers
Once you have security protocols in place, make sure you share what you're doing and why with your customers to build their confidence in your brand, encouraging them to transact. Here are some ways to promote your security:
● Display trust logos from verified financial brands like Visa, Mastercard, American Express, PayPal, Google Pay, WeChat Pay, and more at your checkout and throughout your website.
● Promote that your business is PCI compliant at checkout with the PCI DSS trust logo.
● Explain why you're asking customers to verify their payment information with 3D Secure.
● Represent your SSL certificate with a lock in the browser's URL bar.
● Show your customers that you're encrypting or masking sensitive information as they enter it in real-time.
Highlighting your security protocols can also act as a natural deterrent to would-be cybercriminals who are simply looking for easy prey. If fraudsters see you've done your due diligence and established strong security protocols, they may just look elsewhere.
If you'd like some help to strengthen your security and prevent fraud, contact Global Payments for more information or learn more about their fraud protection technology, including seamless 3DS2 authentication.
Global Payments is a trading name of GPUK LLP. GPUK LLP is authorised by the Financial Conduct Authority under the Payment Services
Regulations 2017 (504290) for the provision of payment services and under the Consumer Credit Act (714439) for the undertaking of terminal
rental agreements. GPUK LLP is a limited liability partnership registered in England with company number OC337146.
Registered Office: Granite House, Granite Way, Syston, Leicester, LE7 1PL. The members are Global Payments U.K. Limited and
Global Payments U.K. 2 Limited. Service of any documents relating to the business will be effective if served at the Registered Office.
Global Payments is also a trading name of Pay and Shop Limited. Pay and Shop Limited is a limited company registered in Ireland with
company number 324929. Registered Office: The Observatory, 7-11 Sir John Rogerson's Quay, Dublin 2, Ireland. Service of any documents
relating to the business will be effective if served at the Registered Office.
2022 GPUK LLP. All Rights Reserved.