Merchant Account Types
Merchant Account Providers
News & Advice
Merchant Account Tools
6 ways online merchants can combat card-not-present fraud
The coming adoption of EMV credit cards in the U.S. could signal some challenging times ahead for online merchants.
In Europe, where EMV chip cards have been in use for several years, brick-and-mortar merchants have enjoyed a significant reduction in fraud. Unfortunately, according to July 2013 predictions from Javelin Strategy & Research, the thieves in those countries have simply shifted their attention toward a softer target: online merchants, who can't benefit from chip-and-PIN technology. Those merchants, according to Javelin's insights will have to get creative in fighting this new wave of criminals.
Fortunately, there are plenty of ways to keep fraudsters at bay. Some may be familiar to merchants, while others are only recently being made possible by the latest technology.
1. PCI DSS compliance: Credit card companies have adopted Payment Card Industry Data Security Standard (PCI DSS) protocol as the global data security standard for any business that processes, stores or transmits credit card data. Becoming PCI DSS-compliant is basic, and all merchants, whether online or brick and mortar, should already be doing this.
There are 12 basic requirements for PCI DSS compliance. In general, they include the need to build and maintain a secure network, protect cardholder data, develop and maintain secure systems, strictly limit access to card data, regularly monitor and test networks, and maintain an information security policy.
2. Basic transaction authentication: This type of security, which many merchants already use, includes the utilization of:
3. Three-domain secure protocol (also known as 3-D Secure or 3DS). Visa and MasterCard are pushing for this extra level of security, which takes place during the online checkout process.
Visa's 3DS service is called Verified by Visa; MasterCard's is known as MasterCard SecureCode. They work in the same way.
Cardholders sign up for the service with the bank that issued their credit cards and select a special password for online transactions. When cardholders go to make a purchase at a merchant that has installed the VbV or SecureCode plug-in software, they are asked to enter the previously-selected password into a separate box that links directly to the credit card issuer. If the password is correct, the transaction goes through.
Merchants who use these systems are protected from fraud-related chargebacks, as the credit card issuer is the one that does the authentication. The credit card companies say that consumers like these services because they feel that their card information is more secure.
4. Third-party fraud detection service providers. According to Visa, third-party companies can offer you the technology and tools that will help you detect fraudulent credit card transactions. Visa recommends contacting your merchant bank for suggestions on providers that can provide these types of services.
of the art
5. One-time passwords for mobile devices. With mobile phones becoming more prevalent among consumers, this layer of security confronts thieves with a constantly moving target. Consumers are asked to provide their mobile phone numbers to their credit card issuers. When shopping online with a business that has enabled that technology, the issuer then sends the customer a text message with a one-time password after entering their card information. Once the cardholder enters that password on the merchant's site, the transaction can go through.
The texted password is valid only once and then only for a short time.
6. Biometrics. This involves recognition of some physical characteristic of the cardholder before a credit card transaction can go through. A biometric device might read cardholders' fingerprints or palm prints, scan their faces or the irises of their eyes, or check the pronunciation of some words against something the cardholder has previously recorded. A biometric device might even be able to recognize customers' typing patterns and verify their identities in that way. The smartphones and tablets many consumers already use for online shopping already have some of these capabilities.
Although credit card companies are not currently using biometric authentication systems, there are many companies working on their application for both online and brick-and-mortar credit card transactions. Plus, the proliferation of smartphones may make the technology relatively easy to roll out, predicts Al Pascual, senior analyst at Javelin Strategy & Research in a July 2013 article for Digital Transactions.
"It's not a lot to ask consumers to use something like a mobile device," he told Digital Transactions, "since they carry one everywhere and often go out of their way to retrieve it when they leave it behind."
the signs of fraud
Many of these warning signals can be picked up by automated software available from third-party providers, which should also be able to pull out any questionable transactions for further fraud review.
Published: September 8,2021