Does your website comply with anti fraud standards?

In response to ballooning levels of fraud across the globe, bank card issuers are developing standards and technologies to prevent card data theft, and create more barriers for counterfeiters.

Two initiatives in particular stand out: the Payment Card Industry Data Security Standard (PCI DSS) and 3D Secure. Both should be viewed as de facto requirements for any e-commerce site.

What does it do?

From June 2008 PCI DSS compliance went from a "best practice" to mandatory requirement. This data encryption process is intended to help organisations proactively protect customer data. It was developed by major credit card companies to prevent credit card fraud hacking and set security standards for security management, policies, procedures, network architecture, software design and other critical protective measures.

3D Secure, better known by its brand names, Verified by Visa and Mastercard Securecode, adds an extra layer of authentication to the payment process by prompting the cardholder to enter a secret PIN code before the transaction is finalised.

Why I need this

The 3D Secure PIN code is only known to the cardholder, thereby removing merchant accountability for fraudulent claims and the costs associated with them. If a retailer can show a disputed transaction was 3D Secure approved, they won’t in most cases be liable for a penny.

By following the stringent procedures of PCI DSS, organisations can:

• Protect customers’ personal data
• Insulate themselves from financial losses and remediation costs
• Boost customers’ confidence in the protection of their data
• Maintain customer trust, and safeguard a merchant’s reputation
• Get a ‘health check’ on the security of their systems. How does it work?

Adopting these standards is no mean feat. While 3D Secure is not mandatory, PCI DSS compliance is and can be particularly exacting, when it comes to the security of online payment applications.

For small enterprises with limited experience and resource in this field, it's wise to outsource their payment solution to a provider which supports these stringent standards and has a brand that can generate customer confidence.

Opting for a hosted payment solution not only practically eliminates the risk of fraud for the merchant; it also helps smaller businesses inspire the confidence of otherwise sceptical shoppers and removes the burden of having to keep abreast of the changing nature of fraud techniques. As the security landscape brings up new challenges, start-ups can be confident of being updated and continually protected by default.

What else should I know?

Masterminded by tech-savvy criminals, fraudulent techniques are constantly evolving. It is impossible to tackle it completely but acting quickly is of the up-most importance. Access to real-time data enables a company to identify dubious transactions against a variety of criteria before money has even changed hands.

Once payment has been taken, companies need to ensure they can prove they accepted the funds legitimately. Card payment reversals or chargebacks, as they are commonly referred to, are incurred when a cardholder makes an allegation of fraud. They hurt merchants on two fronts; not only do operators lose out on the transaction, they may also be subject to fines, or even blacklisting by the card issuers. Providers which fail to control the situation risk losing their merchant status and ultimately their business.

Further information

Hosted Payment Solutions
Verified by Visa
Mastercard Securecode
PCI Security Standards Council

By Alessandro Hatami
Managing Director
PayPoint.net