In ecommerce, you’re pretty much locked into accepting credit cards. Anyone who has ever sold something online knows that you must get your payment before you send the merchandise. While there are other payment services out there, by and large, plastic rules the roost. However, given that your customers can be in far-flung areas all over the world, getting a physical look at the card is unrealistic. As a result, you have to trust that the payment information they give you is actually theirs. To protect your business from chargebacks owing to fraud, here are the best strategies for securing card-not-present transactions.
Stay Aware and Train
- Employee training is your first line of defense. Teaching your people to adhere to a philosophy of “trust but verify” will save you a lot of trouble. When reviewing orders, they should always confirm phone numbers, shipping addresses, billing addresses and other pertinent transaction information.
- Additionally, priority shipment requests should be given extra scrutiny. While these orders may be perfectly legitimate, unscrupulous individuals are usually in a hurry to get the product so they can resell it. If rush shipping fees are very high and the customer seems unfazed by them, this should be looked upon as a red flag. Train your people to examine these transactions a bit more critically.
- Similarly, if an order from a repeat customer is way outside of their usual parameters, much larger than their average spend, or shipping to an address they’ve not used previously, it’s worth taking a second look to confirm it really is the customer. Usually, a quick email or text message is all that’s required.
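The review rules above can also run automatically so that staff only look at the orders that trip them. The following is an added example, not code from the original article; the `Order` fields, the thresholds and the sample orders are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean

# Assumed thresholds (not from the article); tune them against your own order history.
SPEND_MULTIPLIER = 3.0   # flag orders above 3x the customer's average spend
RUSH_FEE_RATIO = 0.25    # flag rush shipping that costs over 25% of the order value

@dataclass
class Order:
    customer_id: str
    amount: float
    shipping_address: str
    rush_shipping: bool = False
    shipping_fee: float = 0.0

def _norm(address: str) -> str:
    """Comparison key that ignores case and repeated whitespace."""
    return " ".join(address.lower().split())

def review_flags(order: Order, history: list[Order]) -> list[str]:
    """Return the reasons an order needs manual review (empty list means none)."""
    flags = []
    if order.rush_shipping and order.shipping_fee > RUSH_FEE_RATIO * order.amount:
        flags.append("rush shipping with unusually high fee")
    # The repeat-customer checks only apply when there is history to compare with.
    past = [o for o in history if o.customer_id == order.customer_id]
    if past:
        if order.amount > SPEND_MULTIPLIER * mean(o.amount for o in past):
            flags.append("amount far above customer's average spend")
        known = {_norm(o.shipping_address) for o in past}
        if _norm(order.shipping_address) not in known:
            flags.append("shipping address not used previously")
    return flags

# Constructed sample data, for illustration only.
HISTORY = [
    Order("c1", 40.0, "1 Elm St, Springfield"),
    Order("c1", 60.0, "1 Elm St, Springfield"),
]
ROUTINE = Order("c1", 55.0, "1 elm st,  springfield")
SUSPECT = Order("c1", 900.0, "77 Dock Rd, Portville",
                rush_shipping=True, shipping_fee=300.0)

if __name__ == "__main__":
    for o in (ROUTINE, SUSPECT):
        print(o.amount, review_flags(o, HISTORY) or "no flags")
```

A flagged order is a prompt for the quick email or text message described above, not an automatic decline.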
Codes & Compliance
- Card security codes are another important tool. The three-digit number on the back of most credit cards and the four-digit number on the front of American Express cards are never transmitted with the account number. The only way to have access to the code is to have possession of the card. Most hackers harvest numbers rather than steal physical cards, so insisting upon the provision of the card security code at least ensures the customer has the card. It can also dissuade thieves by slowing down the transaction.
- Working with an Address Verification Service will give you the ability to verify the billing address associated with a card. When orders come in, if the shipping address is different than the billing address, your system should be set up to contact the cardholder at the billing address to ensure the order is legitimate. This is especially critical when you are engaged in the sale of big-ticket items such as selling furniture online. A flurry of chargebacks can quickly decimate such a business.
- Maintaining strict compliance with the Payment Card Industry Data Security Standard (PCI DSS) will help prevent the theft of card user information from your system. This prevents hackers from defrauding your customers and other merchants. While this doesn’t secure your business per se, it does secure someone else’s, and if they also adhere to this policy, it secures yours too.
- A huge part of PCI DSS compliance is ensuring the security of your network. Firewalls should be in place and routinely probed for porosity. Similarly, minimize the amount of customer data you keep in storage so if your system is penetrated, the pickings will be slim. Encryption protocols should also be deployed and adhered to rigorously.
- If you must store credit card information on your servers, consider credit card tokenization, so the true card numbers are irrelevant to transactions. That way, if somebody does manage to beat your security and gain access, the numbers they harvest will be useless.
While fraud is going to be with us for the foreseeable future, these best strategies for securing card-not-present transactions will help keep it to a minimum.