How to ensure online payments security: merchants, take notes
Lately, security has been a prevalent topic on Maxpay’s blog. And no wonder – it is a crucial part of stable operation and success for financial institutions and merchants alike. So, let’s take a look at what merchants can do to ensure the safety of the payments they receive from customers online.
Payment security is a set of rules, regulations, and recommendations that merchants should implement or consider if they want their earnings and their customers’ data to be protected. Some safety elements depend on the merchant, others on the financial institution, and we will cover the basics of both.
Secure card payments: merchant’s website safety
Your first step in assuring e-payment safety is to update your website accordingly. Start with the basic information displayed: provide a comprehensive description of your products/services, payment methods, delivery, and return policy. Unclear information about these can lead to confusion and subsequent chargebacks from clients, and you don’t want that to happen.
The SSL technology
The Secure Sockets Layer (SSL) protocol (in practice today its successor, TLS, which is still commonly called SSL) is something every merchant needs to look into when it comes to sensitive data protection. The protocol encrypts the connection between a visitor’s browser and a website that uses it – this way your clients’ financial and personal data are transmitted securely, so that fraudsters listening on the network can’t steal them.
The best part is that the process is seamless and instant – a website with SSL will open and operate like any other. Finding out whether a website uses SSL is also easy – just check the address bar. If the URL starts with HTTPS instead of HTTP and/or shows a padlock, you’re good to go.
Encrypting the transmission of cardholder data is also required for PCI DSS compliance, which we will expand on further below. And lastly, browsers like Chrome, Safari, and others warn when the website you’re about to open doesn’t use the protocol. The “website not secure” message pops up and can significantly discourage potential customers from buying from you – another argument for installing the protocol.
3D secure
This is another exciting technology for payment protection, but this time it is applied during the purchasing process itself. 3DS is a security protocol that lets you verify your customer’s identity in order to prevent fraudulent transactions.
We at Maxpay already have a whole article on what 3D Secure is, how it works, and the different protocol types; feel free to check it out for more detailed information.
This is what happens when you enable 3D Secure on your website: after adding a purchase to the cart, a customer enters their card details as usual. But then the 3DS part ensues: the person needs to verify their identity either by entering the permanent password for the 3D Secure service, by entering a one-time password (OTP) they receive on their phone, or by using the phone for biometric authentication. If someone has stolen another person’s card details, they simply won’t be able to complete the verification without the card owner’s phone.
If you’re a merchant in the European Union, you need 3DS to fulfil the Strong Customer Authentication (SCA) requirement, which is part of the Revised Payment Services Directive (PSD2). SCA requires a client to go through two-factor authentication before completing a purchase, and, as we’ve established, 3DS suits this double verification perfectly. SCA comes into force on the 1st of January, 2021, so hurry up if you’re not ready yet.
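To make the OTP challenge step concrete, here is an added example (constructed for this post, not Maxpay’s or any issuer’s code) of the issuer-side logic: only an HMAC of the code is stored, the code is bound to one transaction, expires, is single use, and locks after a few wrong guesses, so stolen card details alone never pass it. Names such as ChallengeStore and the constants are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Added example (constructed for this post, not Maxpay's or any issuer's code):
# the issuer-side half of the OTP challenge. Only an HMAC of the code is stored,
# the code expires, is single use, and locks after a few wrong guesses.
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3
_ISSUER_KEY = secrets.token_bytes(32)  # per-deployment secret, generated here for the demo


def _tag(txn_id: str, otp: str) -> bytes:
    """Bind the OTP to its transaction so a code cannot be replayed elsewhere."""
    return hmac.new(_ISSUER_KEY, f"{txn_id}:{otp}".encode(), hashlib.sha256).digest()


class ChallengeStore:
    """Pending 3DS challenges keyed by transaction id (names are assumptions)."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested offline
        self._pending = {}

    def issue(self, txn_id: str) -> str:
        otp = f"{secrets.randbelow(10 ** 6):06d}"  # uniform 6-digit code
        self._pending[txn_id] = {
            "tag": _tag(txn_id, otp),
            "expires": self._now() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return otp  # sent out of band (SMS/app) to the cardholder, never to the merchant page

    def verify(self, txn_id: str, candidate: str) -> bool:
        entry = self._pending.get(txn_id)
        if entry is None:
            return False
        if self._now() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]  # stale or locked: the purchase is declined
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(entry["tag"], _tag(txn_id, candidate)):
            del self._pending[txn_id]  # single use
            return True
        return False
```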
PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) is something that every party that processes, stores, or transmits credit card information must abide by, merchants and banks included. Established by Visa, MasterCard, Discover, and American Express, these regulations ensure that the complete process of handling online purchases is secure.
Basically, you need to comply with PCI DSS for your own good – to prevent data breaches and remain reputable among clients.
There are four levels of PCI DSS compliance for merchants, determined by card transaction volume. Usually, your bank or PSP can evaluate which level of PCI DSS you should comply with.
There are also 12 general data security requirements for merchants, which are:
- Install and maintain a firewall configuration to protect cardholder data;
- Do not use vendor-supplied defaults for system passwords and other security parameters;
- Protect stored cardholder data;
- Encrypt transmission of cardholder data across open, public networks;
- Protect all systems against malware and regularly update anti-virus software or programs;
- Develop and maintain secure systems and applications;
- Restrict access to cardholder data by business need to know;
- Identify and authenticate access to system components;
- Restrict physical access to cardholder data;
- Track and monitor all access to network resources and cardholder data;
- Regularly test security systems and processes;
- Maintain a policy that addresses information security for all personnel.
As for Maxpay, we are fully PCI DSS Level 1 v3.2 compliant and undergo certification every year to keep up with data security standards. Level 1 applies to merchants processing over 6 million card transactions annually.
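As an added example of what requirements 3 (protect stored cardholder data) and 10 (track and monitor access) mean in practice for a merchant’s own systems (constructed for this post, not Maxpay’s code): card numbers that slip into log lines are Luhn-checked and masked to the first six and last four digits, the most PCI DSS permits to be displayed, while other digit runs such as order ids are left untouched. The function names and the sample log lines are constructed.

```python
import re

# Added example (constructed, not Maxpay's code) for requirements 3 and 10 above:
# a merchant system must never keep a full PAN in storage or logs, so card numbers
# found in log lines are Luhn-checked and masked to first six + last four digits.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators


def luhn_valid(digits: str) -> bool:
    """Mod-10 check; filters out most non-card digit runs such as order ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first 6 and last 4 digits, replace the rest with '*'."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_log_line(line: str) -> str:
    """Mask every Luhn-valid card number in a log line; leave other digit runs alone."""
    def _repl(m):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(_repl, line)


def scrub_log(lines):
    return [scrub_log_line(line) for line in lines]


# Constructed sample lines; 4111111111111111 is a well-known Visa test number.
SAMPLE_LOG = [
    "2021-01-01T10:00:00Z order=1234567890123 pan=4111111111111111 amount=19.99",
    "2021-01-01T10:00:01Z pan=4111 1111 1111 1111 status=declined",
    "2021-01-01T10:00:02Z order=1234567890123 no card data here",
]
```

Run scrub_log over lines before they reach log storage; the 13-digit order id fails the Luhn check and survives unchanged.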
A secure payment gateway
Last but not least, learn what your bank or payment service provider can do to ensure the security of payments and protect merchants from fraud. For instance, we at Maxpay provide a number of tools for that.
For one, we offer merchants the Covery anti-fraud platform for fraud and chargeback protection. Over the last year alone, Covery detected over 2.8 million fraudulent transactions, saving merchants the headache of dealing with chargebacks.
Maxpay also offers Verifi’s Order Insight solution, which lets merchants take part in the customer-issuer discussion on whether to raise a chargeback. This way, the merchant can present the issuer with all the relevant transaction data showing that a chargeback is unwarranted. Order Insight has a dispute deflection rate of up to 42%, and you can learn more about the process in this blog post.
The Visa Merchant Purchase Inquiry (VMPI) solution and Ethoca alerts are two more services you can get through Maxpay. Using them, you can resolve disputes before they turn into chargebacks, so you stay below the chargeback thresholds. Find out about the VMPI and Ethoca solutions in the respective blog posts dedicated to them.
Maxpay is also PCI DSS Level 1 v3.2 compliant, and we constantly work on improving our services to make them safer and more convenient. Feel free to contact us by email or via the online chat on our website.