Why Your Payment Provider Is Your First Line Of Defence Against Fraud
Fraud is on the rise. Businesses and organisations that takes online payments, are the prime targets.
Standing between you and the fraudsters, cybercriminals and gangs using stolen cards, is a payment service provider (PSP) preventing fraud, reducing chargebacks, fines and financial losses. Your PSP is your first line of defence. Without this protection, once a fraudster – whether they’re a customer committing “friendly fraud” or a criminal gang – has your money, businesses will struggle to recover those funds.
Insurance can protect against some criminal damages, such as fraud, but most businesses should avoid putting in claims unless necessary since it could increase the risk factor for banks, merchant acquirers and card schemes. When it comes to fraud, prevention is always better than the cure, which is why payment providers play a vital role safeguarding your interests.
Let’s take a look at a few ways that payment providers prevent fraud for merchants that take online payments.
#1: Card security codes
Although this is an ordinary and ubiquitous feature, the security code – normally found on the back of a card – is an important step towards fraud prevention in card not present (CNP) transactions. In theory, this serves to verify the cardholder has the card on them and therefore they should be the person authorised to use that card.
Visa calls this code the CVV2. MasterCard calls it a CVC2. American Express uses a four-digit code, usually found on the front of the card, known as the CID or 4DBC. These codes aren’t the same as 3D Secure, which is another level of security commonly employed by payment providers.
#2: 3D Secure
Similar to security codes, different card schemes give this second level of authentication different names. The three most well known are Verified by Visa (VBV), MasterCard SecureCode (MSC) and American Express SafeKey.
3D Secure is the only fraud prevention scheme that provides merchants with liability protection – a form of insurance – for fraudulent transactions verified by the scheme. Merchants are encouraged to read the terms with a payment provider to understand the nature of the liability shift, the amounts covered and the process should a verified transaction prove fraudulent.
#3: Encryption and Tokenisation
Every transaction should be sent through a secure, encrypted connection. No payment provider can adhere to bank, merchant acquirer and card scheme compliance without ensuring they use end-to-end encryption when sending payments. However, some use more sophisticated encryption services than others, with some also choosing to tokenise payment details, which means, in the event of in-transit hacking, the details don’t reference cards and customers.
Payment details are turned into meaningless numerical sequences so that they can’t be exploited in the event of a data breach. Once the verification checks are done, the means to turn the tokens into meaningful customer data are transmitted separately, using systems that make it impossible to connect one data package or transaction to the relevant code.
#4: Address and ID verification
In the UK, an Address Verification System (AVS) matches the postcode and house/flat number against the customer details. Assuming those checks come back correct, you can be more confident that the person making the purchase is the cardholder.
Unfortunately, there is currently no international system that can check worldwide addresses, so merchants need to be more careful when accepting international payments.
#5: Transaction analysis
Repeat customers are more likely to commit friendly fraud. More often than not, they won’t feel like they are stealing when fraud is committed against a large consumer brand. This type of fraud is harder to prevent since the transaction is genuine. What happens after is a customer says they’ve not received something – when they have – then claim the money back from card schemes, forcing the card scheme to charge the merchant unless it can be proven the goods were received.
Unfortunately, one of the more difficult frauds to prevent against is criminals using stolen or cloned cards. In these cases, test transactions – usually fairly small amounts – are put through to ensure the card and any security verification data they have will pass checks.
Thankfully, there are now ways to prevent or reduce the amount of fraud that beats other detection systems. With sophisticated human and machine-learning powered algorithms and rules, payment providers can anticipate, detect and prevent payments going through that have a higher than average chance of being fraudulent.
Even when a payment provider is using the most advanced systems and experts to prevent fraud, we know that hackers and cybercriminals are always looking to find ways to exploit potential weaknesses and defeat new systems. Our security experts constantly monitor the threat landscape and help our customers manage risk. You can find out more about Secure Trading’s security services here.
Concerned about payment fraud? Download our whitepaper on fraud solutions for ecommerce businesses here.