Preventing Online Fraud

PREVENTING ONLINE FRAUD
By Robert Levings, President, EasyPay123

The following article deals with the issue of online fraud, its impact on merchants, and the ways that it can be prevented. It is part of a series of articles offered by EasyPay123 to help merchants understand the many facets of processing credit card payments.

Overview

As criminals become more sophisticated in their attempts to commit online credit card fraud, new technologies are required to discourage and detect fraud before it occurs. Risk of fraud is a potential barrier to online purchases. It can also be costly to merchants, since they must bear the costs of successfully disputed purchases. In addition, too many “charge-backs” can cause merchants to have their merchant account status downgraded or revoked, thereby negatively impacting their business. A number of technologies are emerging to both secure sensitive data and reduce the amount of successful fraud at the various stages of the order cycle.

Input-Based Methods

Several technologies exist that verify data input by purchasers at the time an order is placed on a merchant’s website.

AVS (Address Verification Service) matches the street number and zip code that is entered by a purchaser with address information on file with the credit card companies. A message is then sent back to the payment gateway indicating the degree to which the address information matches (e.g. “Address matches, zip code does not”). Based on the AVS settings or "filters" the merchant has set within the payment gateway, the merchant can then make a decision about how they wish to proceed with the transaction when there are mismatches. One key drawback to AVS processing is that checking occurs only after a valid authorization is returned. This means that there will be a hold on the customer’s account for the amount of the transaction, even though the merchant may decide to decline based upon the AVS results. This method is widely used, however.

EasyPay123’s AVS tool (powered by Skipjack Transaction Network) enables merchants to control how closely the numeric address information must match in order for the transaction to be allowed to settle.

Another technology supported by the credit card companies is called CVV2 (Card Verification Value) by VISA, and CVC2/CID by MasterCard and AMEX respectively. These technologies use codes that are embossed on the back or front of VISA, MasterCard and AMEX cards. CVV2 and its counterparts require a card holder to enter the codes at transaction time to verify that they are in physical possession of the card. Since these values are not stored in transaction databases with other credit card information, hackers cannot gain access to them if they somehow acquire credit card numbers from a database. During the authorization process, the card issuing bank verifies the CVV2 value that was entered with the credit card number.


Communication-Based Methods

The primary technology for securing transactions as they are transmitted over the Internet is Secure Sockets Layer (SSL). SSL “encrypts” confidential data (i.e. converts it into an unreadable form) to ensure that unauthorized individuals are not able to view or modify it as it is being passed between the customer, the merchant’s website and EasyPay123. The merchant’s order form must be secured with a “digital certificate” to establish an SSL connection with the customer. Customers can be confident that their payment session is secured using SSL when they see the “closed lock” at the bottom of their browser.

Digital certificates can now be purchased directly from Skipjack Business Network at biz.skipjack.com.

Storage-Based Methods

Once the order information reaches the payment gateway, it must be securely stored in order to reduce the risk of “hackers” gaining access to confidential information via the Internet.

When securing credit card information, most payment gateways encrypt (secure) the entire database. The problem with this approach is that, if the database is compromised, a hacker can gain access to potentially thousands of credit card numbers for fraudulent use. With EasyPay123, each transaction is individually encrypted using patent-pending security technology. Even in the unlikely event that one transaction is compromised, all other transactions remain secured. In addition, when using EasyPay123, credit card numbers are stored only on the EasyPay123 system as opposed to being in the merchant’s database where security measures may be more difficult to implement. As an additional security method, only the last five digits of a credit card number are viewable through EasyPay123’s Reporting Tool, Merchant Services or email and response notifications.

EasyPay123 also enforces a rigorous password policy in order to restrict access to sensitive data only to authorized individuals. Passwords are changed on a regular basis to further enhance password protection. It is important that you choose a password that will not be easy to guess and keep it in a safe place to eliminate the risk of others gaining access to your data.

Using Sound Business Practices

Although there are many technological tools available in the fight against fraud, one of the best tools available is good business discipline and judgment.

A number of good business practices can help reduce fraud:

(1) Spend time validating each order, particularly ones where the shipping and billing addresses are different or where the email address is from one of the free email services
(2) Ask for complete information at the time the order is made
(3) Be extra careful of overseas shipments
(4) Don’t ship to PO boxes (insist on a physical address)
(5) If you’re unsure of anything, call the customer directly

Summary

No single method of fraud prevention is foolproof. The key to fraud prevention is to leverage appropriate technology and apply sound business judgment to all transactions. If you have any questions about the process, please call us at EastPay123 toll-free at 866-438-8767.


About EasyPay123

EasyPay123 is a leading supplier of payment processing solutions to businesses across North America. Offering world-class solutions at affordable prices, EasyPay123 helps merchants simplify the process of acquiring, launching and using payment applications to improve the way they do business. Visit us at www.EasyPay123.com.

For a description of some of the e-commerce terms used in this article, please visit our online glossary at www.EasyPay123.com.

If you found this article helpful, you may wish to request one or more of the other articles in the EasyPay123 series by visiting our website. Articles in this series include:

Understanding E-commerce Transactions
How Transactions are Processed
Getting Merchant Accounts
How to Design and Build Payment Applications
How to Choose a Payment Gateway
How to Pick a Shopping Cart
Preventing Online Fraud
Gaining Visibility for Your Website
Understanding Wireless Payments

© 2003 EasyPay123 All Rights Reserved. This article may not be copied, reprinted, published, translated, hosted, or otherwise distributed by any means without explicit written permission from EasyPay123.