As an online store manager you need to understand the risk of credit card fraud and how will the week back charges that could cost you a lot of money.
Many payment gateway providers now include measures for reducing the risk of credit card fraud on the losses you may incur as an online merchant. Whatever they may brand their antifraud services as, they generally utilise a common set of mechanisms. Some also include proprietary mechanisms to further increase your online payment security.
For some online stores, they might as well have a gun pointing at their heads because the owners have given no or little consideration to manage and the risk of credit card fraud.
So what are the mechanisms for delivering antifraud to your payment processing? The most readily available mechanisms are CVV, CVV2, AV S and 3D secure.
CVV | CVV2 | AV S Verification
These are simply means by which you can, as a merchant, verify that the payment being made by credit card is being made by the owner of that card. They are not a guarantee that to minimise your exposure.
CVV - this is the most common check and requires the cardholder to provide the three or four digit security code on the back or front of the car. The problem there is that if the card is stolen but of course they have these details.
CVV2 - this is an alternate implementation of CVV that does exactly the same.
AVS - this is quite different in that this service, provided by the credit card companies, uses the address details provided by the shopper and compares the address details held for this credit card. Limitation of this is that only the numerical details e.g. house number, postcode are matched, no alpha characters in the address are checked. Further to this, some company credit cards can't be checked due to the banks not having access to the required information.
What is important to understand here, is that when your customer’s transaction is sent to the bank, an “Authorisation” is returned for the amount requested regardless of the CVV or AVS. This authorisation only confirms that a valid credit card number has been provided and that funds are available on this card.
If you have CVV and /or AVS in then these checks are also applies and should they fail by way of response sent back by the bank then the transaction will be rejected.
The use of 3D Secure involves an additional layout of security being placed over all other mechanisms in place. This scheme is a collective measure from Visa and MasterCard together. It is however limited to use by Visa and MasterCard holders only.
If you have 3D Secure setup, your customers will be required to provide a separate security code by way of a Web page to which they will be directed by the issuing bank. If the shopper has not already registered for this service then they will be able to do so at the time of purchase.
Accessing Antifraud Services
The first step is to ensure your payment gateway is providing the services. Not all gateways for all of the services to you need to confirm exactly what level of protection you are wanting.
You will then need to set the rules that you wish to apply when CVV and AVS checks are applied. These rules give you a "Fraud Score" which will measure the level of risk of fraud associated with this transaction. This call will determine whether the transaction is to be rejected or not either payment gateway.
Finally, you need to ensure your e-commerce system can reference these antifraud mechanisms. If not, the transactions will be authorised and your only recourse will be to manually check the antifraud measures and fraud score and then deny the transaction manually.
Business Catalyst online shop works with approximately 34 payment gateways around the world. Many of these provide antifraud at varying levels. Implementing security measures for our clients, it is important that they ascertain the exact level of security they require, the country in which the processing of the transactions is to occur and then we are able to determine which gateway best matches those needs.