When credit cards were introduced, consumers, banks, and merchants were concerned about data security and theft. When online banking was introduced, many people were slow to adopt due to concerns for the security of their banking information and the risk of fraud. PayPal introduced a new type of online payment that was used initially by outliers and other early adopters, again with many consumers concerned about the safety of their money.
Now, buying online or in other card-not-present (CNP) scenarios is ubiquitous, and most consumers, banks, and merchants give little thought to the issues of secure data and credit card fraud. This can be seen as both good and bad. Good because implicit confidence makes it easier for merchants to market and sell online, building strong relationships with customers. It’s bad because it instills a false confidence, leading consumers to assume they are 100% protected from fraud. Complacent customers become very alarmed when their data is violated.
When a security breach occurs, typically the negative media coverage and resulting social media outrage focuses on you, the merchant, and the risks of doing business. This can mean the end of your business, and that’s exactly why you need to take measures to make sure consumer data is secure and that you have proven fraud reduction measures in place.
Reducing Your Fraud Risk
The harsh reality is that it’s up to you to mitigate and reduce credit card fraud risks. Your customers and their issuing banks need to know that you’re up to date with the latest in data security technology.
At a minimum, make sure you have the following data security measures in place:
- EMV support EMV, or chip card, is now the international standard for credit and debit card security. The technology embedded in the microchips on these cards was developed to protect everyone involved in the transaction. Unfortunately, with EMV we are seeing a sharp increase in omnichannel fraud, meaning you need a layered approach that includes the use of cybersource tokenization.
- PCI compliance PCI compliance is designed to protect consumer cardholder data during the entire e-commerce transaction. It’s imperative that you adhere to these regulations and standards; however, remember that PCI compliance is not the complete solution. You still need a solution that provides encryption, merchant partner data protection, and limited access to cardholder data. Using a solution such as our Global Payment Gateway provides you everything you need to be PCI compliant, while keeping your overall costs down.
- Password security While customers are typically resistant to creating long alphanumeric passwords, it’s important that your payment solution requires customers to employ a password that meets basic—if not advanced—security encryption standards. In fact, many payment solutions are going beyond a standard password and use multi-factor authentication to increase data security and reduce fraud.
- SSL protocol Your online payment system must use SSL (Secure Socket Layer) to provide an additional level of data security. Many customers are familiar with SSL and will expect to use only an encrypted HTTPS website or mobile interface. It’s a good idea to include some information on your website about your use of SSL and how this enhances consumer security and fraud protection.
- Secure customer data Ensure your customer service team is up-to-date with and following best practices to protect customer data. Instruct them to never give out credit card information, addresses, phone numbers, or passwords. Customers are expected to provide their credit card information and to confirm their identity with security questions and address verification.
We cannot stress enough that you are responsible for the security of customer data. As we’ve learned from recent major online security breaches, consumers are not interested in the underlying causes for the breach: they are focused on the risk of conducting further business with any merchant whose security has been breached.
Data Security Is a Must
Good customer service, brand loyalty, a vibrant social media presence, business continuity measures, data security standards compliance, and a proven payment solution all work together to protect you, your customers, your investors, and third-party partners.
While risk is part of running a business, knowing that you’re following the recommend business practices to protect your company and customers from credit card fraud allows you to confidently reduce the risk level. Gone are the days of consumer concerns for using credit cards, Internet banking, PayPal, and other CNP transactions. Unfortunately, this new “confidence” level brings with it complacency and many potential new avenues for fraudsters and hackers.
Don’t let the complacency that many consumers have with the new ways of buying and selling trickle into your business practices. At the end of the day, it’s your company’s reputation that can and will be impacted. Your customers want to buy your products and services wherever they are and however they can. Make sure you’re providing them a secure platform that is a proven payment processing solution that protects everyone involved.