Businesses of all sizes face serious challenges when it comes to ensuring the security of their e commerce sites and the safety and security of their customers’ financial information if they choose to accept credit cards as a form of on-line payment. Although no system is foolproof, as the latest security breach of the massive PlayStation network demonstrated, there are a number of relatively simple measures merchants big and small can take to help reduce and prevent credit card fraud as well as the impact of too many charge backs, which can mean that a company loses the right to accept credit cards at all. Presented here are some of the most effective:
Verify CVC2 and CVV2 Verification Numbers
This simple extra step alone has been shown to help reduce credit card fraud and charge-backs by up to 26%, according to a study conducted by Visa. On the back of MasterCard and almost all Visa and Discover credit cards and debit cards there is a 3-digit security code located at the end of the signature line. On American Express cards the number has four digits instead and the number is located on the front of the card instead. You may need the help of your payment processing provider to implement it but by requiring that customers enter this number as well as their other basic details you will be adding an extra layer of protection both for your company and anyone whose financial details may have been compromised.
Pay Extra Attention to Very Large Orders or Customers in a Rush
All savvy credit card thieves know that they probably have a very short window of time to make use of their ill-gotten gains before the cards they have procured are reported stolen and they are deactivated by the credit card issuer. Therefore orders that are unusually large for your website should be examined a little more closely. For example there may be a very good reason that a customer wants to purchase several big ticket items at once but it is still worth making those extra checks. Another tip off? The person who placed those unusually large orders is asking that they be shipped in a rush, and seems quite willing to pay a lot more to have you do so.
Making Use of AVS
AVS – address verification services – are a relatively simple way to help ensure that the credit card a customer is using to pay for goods and/or services at your website actually does belong to them. Although it’s not a perfect system, address verification is a great tool. For smaller businesses there are a number of free tools that can be utilized so it does not have to cost anything other than the small amount of extra time it takes to implement this extra security step.
When verifying addresses it does little good to verify credit or debit card billing addresses and then ship goods to a totally separate address, especially if it is located some distance from the billing address. If a thief is in possession of both a stolen credit card and some accompanying ID like a driver’s license the billing address is likely to be available to them, and they can still get their hands on the fraudulently purchased merchandise by having it shipped to a different address. For that reason many merchants elect only to ship to billing addresses and never to PO Boxes or mail drops.
It should be noted that AVS only currently works for addresses located in the US. For that reason orders from other countries should be verified by one of the other methods mentioned here.
IP Address Tracking
Another security measure taken by some Internet merchants is IP tracking. Every individual computer has its own IP address which contains a great deal of information about a user. There are a great many free tools that merchants can use to do this and you may be surprised by how much information you get. Here is a sample:
Country: United States
State/Region: Pennsylvania
City: Gouldsboro
Latitude: 41.2416
Longitude: -75.5322
Area Code: 570
Postal Code: 18424
With this information merchants can see at a glance where an order was placed from and while shopping while away from home does not necessarily mean the transaction is fraudulent or suspicious an IP address located in a very different place than the billing address may warrant a little further investigation. If you are going to implement this kind of geotracking though you should be sure to mention on your site that IP addresses are logged. That small note alone may deter someone attempting to make a fraudulent purchase.
Calling the Customer
There are those occasions when a customer may have a perfectly good reason for wanting goods shipped to a different address other than their billing address – they need it sent to their place employment perhaps, or they have recently moved – so before rejecting an order altogether because the AVS did not match, or the shipping address is different to the billing address may be a little hasty. In fact the same hold true for all of the situations mentioned here.
A simple phone call to the customer is often all it takes to straighten the situation out and most genuine customers won’t mind; in fact they will probably be glad that you as a merchant takes the security of their information so seriously. So make sure that providing a phone number is a standard part of your checkout process so that you will be able to do this quickly and easily should problems arise.
Final Thoughts
By implementing extra security measures when accepting credit card payments at your e commerce website you are not only protecting your customers but the reputation and financial security of your company as well. Many of these measures will cost you little more than some extra time and can help your company gain a reputation as a trusted seller who is great to do business with – something that is invaluable for any business, however big or small.