Payment Processing Security

Ecommerce experts estimate that between 3% and 20% of online orders are fraudulent.  Although the specific percentage of fraud varies by merchant business category, there is little doubt, that fraud is a big problem for internet merchants.

How to Protect Your Business from Payment Processing Fraud

Of course, nothing will completely eliminate the risk of fraudulent online transactions.  However, prudent use of common sense procautions can go a long way in reducing fraud.

1. Take advantage of special technologies offered by your payment processor.  PCI-DSS compliant data protection, tokenization, security vaults, ,cascading rules and filters all are tremendously helpful in reducing fraudulent transtions.  Although you may pay a few pennies per transaction for some advanced features, the added protection will result in increased sales with reduced fraud which will more than compensate.
   
   
2. Are you selling high risk goods or higher ticket items?  If so, use authentication protocols. Authentication protocols indemnify the merchant against loss on the payment processing transaction.  The protocols use one-time generated PIN codes or passwords which verify identity and validate the card being used for the purchase.   A box is displayed a checkout  where the buyer can enter the one-time pass code or PIN.
   Some merchants do not like to use the authentication protocols because they add an extra step to the check out process.  Every extra step at checkout increases the risk of shopping cart abandonment.  If the buyer can purchase the same item the merchant is selling from another site that doesn’t require additional steps, it is possible a sale will be lost to a competitor.  Merchants need to do an internal analysis to determine whether the risk of fraud justifies adding an extra step to checkout.
   
   
3. Use identity verification.  Identify verification is particularly useful for merchants who are selling items such as electronics, jewelry, collectibles, and other high ticket items.  These types of merchants are frequent targets of cybercriminals.  Buyers of higher ticket items understand the need for a merchant to ask for additional information.  Properly deployed, identity verification systems are non-invasive and acceptable to the majority of buyers.
   
   
4. Behavioral profiling is an easy way to reduce risk and stop fraudulent transactions.  Behavioral profiling uses a variety  of parameters to filter out fraud and disallow suspicious transactions.  Merchants can modify profile characteristics on an on-going basis based on feedback received from the system.
   
   
5. Remember your internal security.  Surprisingly, a lot of companies forget to implement simple security procedures that can be highly effective in preventing insider fraud.   Remember to change passwords frequently.  Set up hierarchical system access so employees have access only to the information necessary to do their jobs.  Remotely monitor all employee activities on a regular basis.  Carefully checkout all third party vendors who have access to your system.  Take the extra steps necessary to protect and encrypt your data.  Be sure to continuously monitor internal accounting systems. Implement network security standards with continuous updates.  Establish audit trails for all financial transactions flowing into or out of your business.