Twitter
Facebook
YouTube
SecureTrading Blog
Flickr
LinkedIn
All of the below core services are included free of charge in SecureTrading's PSP services:
3-D Secure
3-D Secure is a credit and debit card authorisation program, implemented by Visa (as 'Verified By Visa') and MasterCard (as 'MasterCard SecureCode'), to help reduce fraudulent purchases by verifying purchaser identity during online transactions. Put simply, 3-D Secure is the Internet equivalent of Chip & PIN. SecureTrading is fully 3-D Secure across all acquirers and was one of the first PSPs to implement 3-D Secure for our merchants.
The primary benefit of 3-D Secure to the merchant is the shift of liability from the merchant to the issuer on certain types of disputed online transactions. For the cardholder, 3-D Secure provides increased confidence that their card details are secure when purchasing over the internet.
Address Verification System (AVS)
AVS adds an extra level of security to a transaction. The address that your customer has entered is checked against the cardholder address that the bank holds for that card. The bank will indicate whether there is a match between the address entered and the card address.
SecureTrading support the real time validation of AVS data. An online merchant can use the results of this test to decide whether or not to fulfil an order. For example, you might want to check that the delivery address matches the cardholder address before dispatching the goods. This is valid only for UK orders.
Security Codes (CVV2, CVC2, CSC)
All credit and debit cards carry a security code number. This number is known to the bank and printed on the card, but is not stored or printed anywhere else. Therefore, it can be used as a confirmation that the person using the card to make a purchase is in physical possession of the card, or has at least seen the card at some time.
SecureTrading supports the real time validation of card security code numbers as part of our standard service to merchants. For online merchants this code can provide extra assurance that the credit card is in the physical possession of the person making the transaction. You can ask for this number, along with the other credit card details, when your customer places an order, and the number will be checked by the bank.
Encryption Levels
Because security is a priority, SecureTrading currently offers a level of encryption that is stronger than from any other Payment Service Provider. All communication within the SecureTrading system is strongly encrypted using 2048-bit Public/Private Key encryption with variable 168-bit session keys. This is many more times secure than standard browser SSL security.
The SecureTrading API and Xpay systems use digital signatures throughout the system to ensure that any transaction arriving at a payment gateway has come from a merchant that we can identify, and that any information passed back to the merchant is from a SecureTrading payment gateway. The encryption and decryption processes are totally transparent to you and your customers.
Quarantine Service
Every transaction processed by SecureTrading is inspected by our fraud control system. The system looks for certain patterns of card usage, which indicate that the transaction may be fraudulent, or even erroneous, in some way. The results of this investigation are passed back to you along with the credit card authorisation information prior to settlement.
Each merchant can set a confidence level and any transactions that do not meet this level will be automatically suspended (not sent for settlement) and an e-mail automatically generated to warn the merchant.
It is up to you to decide whether or not to process a suspicious transaction, perhaps after checking further details, contacting the consumer or evaluating the risk. Our fraud control system is in addition to the standard authorisation checks carried out by the Card Issuing Bank.
Additional Security Feature
We also have an additional security feature that can prevent tampering on the amount field e.g. a £300 transaction does not get processed for £0.30p.
This feature has to be configured on the Merchant's website and is submitted to the form page along with the actual field value (the amount). By implementing the MD5 Hash feature, our system will detect that certain encrypted fields have been tampered with and fail the payment.
Full details on how to implement this feature, including some examples, can be found in the Payment Pages Set-up Guide, section 1.4 (pages 5&6), which can be downloaded here.
For more information please contact our Sales team on 0333 240 6000, or follow the links below.
