Credit Card Processing Security
Protection from Credit Card Fraud
Credit card fraud is a major concern for all businesses. While the new cashless, mobile economy gives consumers more opportunities to shop and pay, it also creates more opportunities for fraudsters to attack. While EMV chip technology has decreased in-store fraud, it has driven fraudsters to shift focus. Today, most fraud is committed online and via mobile apps where transactions can be made quickly, and criminals can hide behind computers.
The transactions which are most susceptible to fraud are CNP (card-not-present) transactions, such as those handled by online and mail order/telephone order (MOTO) merchants. Fortunately, there are simple steps you can take to lessen the likelihood that your business becomes a victim of online fraudsters and thieves.
Data Breach Protection
A data breach occurs when an unauthorized party accesses a merchant’s network and steals cardholder data. There are various types of breaches: network breaches (caused by hacking and skimming); malware and spyware; the physical loss of a credit or debit card, stolen paper records; and losses from employee dishonesty.
Regardless of how a data breach happens, the result is that unencrypted personal identifying information is compromised by fraudsters or identity thieves. The potential financial damages can be costly. It’s therefore important that merchants and consumers alike be aware of the impact of data breach and how to guard against it.
Transaction Security – Everyone Has a Part To Play
Most Financial institutions embed EMV chips in the debit and credit cards they issue. This helps to reduce liability risks.
Merchants can use POS systems integrated with security software that enables them to comply with the Payment Card Industry Data Security Standards (PCI DSS.)
While consumers don’t have to protect their data, Financial Institutions strongly recommend that consumers not share sensitive personal information, as well as report lost/stolen cards and suspicious activity promptly to their card issuing bank.Consumers should also monitor their credit reports.
EMV Chips have had a profound impact on the security of card payments. The benefit of EMV chips is that they store customer data on integrated circuits which generate a unique code for each transaction that is never stored or used again. Before EMV, card data was only stored on the magnetic strip on the back of the card, which made it easy for fraudsters to skim card data and then counterfeit cards.
Online Fraud Protection / The Importance of Card Verification Values (CVVs)
All online merchants must be vigilant when it comes to online fraud prevention and there are a number of credit card fraud protection tools available:
AVS verifies the identity of the person making the transaction by comparing the billing address they provide with the address on file at the financial institution that issued the credit card.
Card Verification Values (CVV, CVV2, CID, CVD, CVC, CVC2, etc.) are 3 or 4-digit codes imprinted on the backs (or front of American Express) of credit and debit cards, but not recorded on their magnetic strips. CVVs combat fraud by requiring cardholders to provide the code when making a payment online, over the phone or via a mobile app. Unless a fraudster has access to the physical card, they don’t have the CVV and most often the payment will be declined.
When a consumer disputes a “charge” made on their debit or credit card, the issuing bank will typically issue a chargeback to the merchant who completed the payment. In most cases, the issuing bank returns the disputed funds to the consumer immediately, then alerts the merchant and gives them time to file an appeal. The merchant can ask their payment processor to help them appeal the chargeback. However, the majority of chargebacks are due to the merchant accepting a fraudulent payment online or in-store.
If the merchant is in PCI-DDS compliance, their appeal will usually be accepted and the issuing bank becomes responsible for the loss.
Fraud Prevention Through PCI Compliance
PCI compliance simply means adherence to the Payment Card Industry Data Security Standards, or PCI DSS, which are administered by the Payment Card Industry Security Standards Council (PCI SSC). The council was established in 2006 by the major payment card brands — including Visa®, Mastercard®, Discover® and American Express® — to manage security standards for electronic transactions. They set the operational and technical requirements for merchants transmitting or storing consumer payment data.
Once a year, merchants must submit proof of compliance to the Security Standards Council. Merchants who are not in compliance increase their risk for potential fraud losses and chargebacks should a data breach occur. The merchant is more susceptible to data breaches, which can lead to lawsuits filed against them by customers, financial institutions, regulators and major card brands. Noncompliant merchants are fined and can lose their right to accept card payments if they don’t take steps to become compliant.
Let's Work Together
Get in touch and ask us for a quote or ask a question about what solutiuon is best for your business. We’re here to help.