Is Your Payment Gateway’s Fraud Protection Enough

Sadly, fraud is more than common these days. While most companies go to great lengths to protect consumers, and many consumers themselves try to ensure that their information is secured, identity theft and fraud remains common. In 2017 alone some 14.2 million credit card numbers were exposed.  So too were 158 million social security numbers!

Often, this data is exposed by a data breach, which are extremely common. If you store credit card numbers or other sensitive information online, you could experience (and maybe even held liable) for a data breach. Despite efforts to beef up security, hackers and scammers are growing more sophisticated and can sometimes circumvent even the tightest security.

Once a data breach occurs, there’s a serious risk that someone will have their identity stolen. In fact, Javelin found that over 30 percent of data breach victims in 2016 ended up experiencing identity fraud! Meanwhile, the Consumer Sentinel Network Report has found that identity theft accounted for nearly 14 percent of all consumer complaints in 2017.

Clearly, these numbers should be concerning. Every e-commerce store and online business should consider whether their payment processor is doing enough to protect data. Let’s take a look at some things you should consider.

Considerations When Evaluating a Payment Processor

There are several factors you should consider when evaluating payment processors. While identity theft and credit card fraud will always remain a risk, there are steps both you and your payment processor can take to reduce risks.

First, Where Is Sensitive Data Stored?

You should know where any confidential or sensitive data is stored. At PayKickstart, we don’t store sensitive credit information and other should-be confidential data. Doing so would expose our clients to unnecessary risks. 

Instead, we work with third parties, such as Square, that secure store sensitive data. These companies use advanced technologies to ensure that the data is protected. Speaking of which…

Is Confidential Data Encrypted?

Any payment provider you work with should use Transport Layer Security, Secure Sockets Layer, or another encryption technology when transferring data. These cryptographic protocols encrypt data transmissions, making them harder to intercept. Your online store or other business should also use TLS or SSL. 

Further, your payment processor should encrypt the data that is stored. Square uses 128 bit symmetric cryptographic keys and 2048 bits asymmetric keys, for example, to protect data. Encryption works by scrambling up data or files. If someone wants to unscramble the data, they will need the encryption key. 

Does the Processor Use Address Verification?

Your payment process should use address verification services that match the address associated with the credit or debit card with whatever users type in. Even if a credit card number is stolen, the thieves may not have access to the address. However, in many cases thieves do know or can at least discover the address, so AVS on its own is not enough.

Make sure you verify addresses.

How About IP-Address Tracking?

Another effective way to block potentially fraudulent activity is to check the person’s IP address. If your customer’s credit card is registered in the United States but the charge is coming from Russia, it may be because a hacker in Russia got hold of the data. If you notice such a charge, you may want to try to verify that the purchase is legitimate.

Be warned, however. Hackers know how to circumvent IP tracking using VPNs and other tools that will show their IP address as somewhere else. Further, a legitimate customer could simply be on vacation or otherwise traveling.

Does Your Payment Processor Offer 3D Secure?

Shortly, the European Union will roll out “Strong Customer Authentication”, which will require payment processors to use 3D Secure 2.0 or another technology to verify that transactions are legitimate. 3D Secure 2.o uses a variety of automated tools and also 2-factor authentication to verify customers.

Even if you don’t operate or are not based in the European Union, you can enable 3D Secure. Doing so should reduce the risks of fraud. When you use this technology, liability is often shifted to the acquiring bank. So even if a fraudulent transaction occurs, you might not be on the hook for it. 

And perhaps best of all, 3D secure is free!

Does Your Gateway Provider Offer Other Fraud Tools?

Some payment gateways offer tools that will help you monitor transactions, identify risks, and even confirm the identity of a customer. For example, you might be given the opportunity to manually approve or reject a payment if it looks suspicious. 

What Type of Support Does Your Gateway Offer in the Event of Fraud?

Another important consideration is the type and quality of support offered by your payment processor in the event that fraud does occur. Some gateways offer more support than others. Paypal, for example, will sometimes not hold companies liable for fraudulent charges if the problem is reported within 60 days. 

So if your payment gateway offers recourse, you may be protected even if you are hit with fraudulent activity. 

What Should You Do If Your Gateway’s Fraud Protection Isn’t Enough?

So what do you do if you’re not fully confident in your payment gateway’s fraud protection? There are ways to secure extra protection. 

For example, you could get a chargeback warranty, which will protect you from some charge backs. Chargebacks occur when a customer complains to their credit card company, which in turn issues a chargeback, returning their funds. You’ll often find yourself on the hook for the costs. 

So is a chargeback warranty worth it? As I detailed in another post, such warranties make sense in some cases but are actually quite limited in what they will cover.

Other providers, like Adyen, offer risk management tools that could reduce your risks. You may be able to integrate Ayden’s risk management tools into your online website, providing an extra layer of protection.

Either way, fraud is a serious risk, so you need to take steps to protect yourself. Fortunately, by using a shopping cart like PayKickstart that works with only the best payment gateways, you can gain access to a variety of security features and tools.