How to keep transactions secure with payment fraud on the rise
June 05, 2020
Last year, the retail sector was the target of 17% of all cyberattacks, making it the single largest industry for cybercrime, research by Trustwave found. Why? Retailers are selling more products online than ever, and they’re adopting new payments technology to gather sensitive customer data. Ever-savvy hackers have caught on to this, and the risk that they will take advantage of any crack or fault they find continues to grow.
Unfortunately, this is a problem that is not going to go away anytime soon.
The eCommerce site is a lifeline for many retailers today. As consumers increasingly choose to purchase products from the comfort of their own home, the online channel is not only a critical part of a retailer’s consumer experience: it also helps to offset the running costs and sale fluctuations that occur in store. But with greater convenience come new risks, at least in the ever-evolving payments space.
Research by American Express finds that almost 80% of retailers admit that their website is vulnerable to payment fraud. And with more cyberattacks taking place than ever, retailers know they need to do more to protect both their own and their customers’ data. Consumers are concerned too, and rightly so. Almost six in ten say they are worried about having their payment account or credit card information compromised when making an online purchase.
Stepping up security
The good news is that greater efforts are being made to keep consumers’ payments information safe, driven by new standards coming into effect to help retailers safeguard against security breaches.
Take Strong Customer Authentication (SCA), part of the Second Payment Services Directive, known as PSD2. This new security standard came into effect in most European countries in September 2019 (although it’s been delayed in some markets due to lack of preparation), and it’s designed to make online transactions even more secure. It enables consumers to authenticate themselves with their card issuer when making card-not-present e-commerce purchases, and adds an extra security layer by asking shoppers to identify themselves in two ways rather than one. For instance, they may be asked to type a password and then verify with a code sent to their phone.
While regulations like this may be a headache to comply with initially, some retailers are using them as an opportunity to up their security efforts, and at the same time, to reassess their relationships with their customers and create a totally seamless buying experience from start to finish.
As retailers are increasingly expected to bear more responsibility for payments security, then, here are four ways you can make transactions safer and even more seamless.
1. New APIs, including 3D Secure
Application programming interfaces (APIs) are increasingly being used in banking to connect and securely expose data, allowing retailers to explore new alternative payment methods and other payment-related solutions, such as loyalty, authentication/identity and fraud prevention tools.
They’re already proving cost efficient in terms of integration and implementation, and they are opening up new customer service channels, including internet-enabled devices (smartphones and wearables), and the internet of things.
EMV 3D Secure (EMV 3DS) is an API that authenticates e-commerce transactions to catch attempted card fraud before it happens. This additional security layer is helping to cut down on online fraud while simultaneously improving the digital payments experience, as the API improves communication in the background between the issuing bank, the acquirer and the merchant. It uses intelligent risk-based decision-making with advanced algorithms and smarter data sharing to evaluate if a purchase is ‘normal’ or not, which means additional authentication is only requested when really needed. With so many consumers used to one-click checkouts, solutions like these not only safeguard data, but minimize disruption and unnecessary friction at the checkout.
2. Point-to-point encryption
Point-to-point encryption involves using technology to encrypt payment card data from the moment the card is inserted into a PIN entry device all the way to the bank. For retailers, it prevents cardholder data from ever entering the point of sale environment, thereby increasing data security by protecting cardholder data in transit and at rest. At no point throughout the process is the card data visible to the retailer, or to anyone else.
Using point-to-point encryption also ensures compliance with the major industry regulation Payment Card Industry Data Security Standard (PCI DSS), which regularly introduces new security requirements for store network infrastructures, Chip & PIN devices and associated payment systems. To guarantee top security, LS Retail only teams up with Payment Service Providers (PSPs) that use point-to-point encryption.
3. Tokenization
Similar to point-to-point encryption, tokenization adds an extra security layer for retailers, replacing sensitive credit card data with an algorithmically generated number called a token. This method means that, again, retailers never hold onto their customers’ sensitive card information and even if their processing system is infiltrated, the data is useless to the thieves, as tokens are not mathematically reversible without a decryption key. At the same time, the primary account number data – the key piece of cardholder data retailers must protect – is never displayed.
Tokenization is becoming an increasingly common way to protect sensitive information and prevent credit card fraud and is proving critical in fighting online or digital breaches. Many say it is one of the most cost-effective and secure solutions available today for protecting customer card information and reducing the scope of PCI DSS compliance. LS Pay, our payment processing solution, supports tokenization.
4. Biometrics and more
Retailers are keen to explore other innovative payment security solutions such as biometrics, research by American Express found. In a survey, they overwhelmingly agreed that the three most effective technologies for preventing fraud are requiring a one-time password for additional security to complete a purchase (77%), biometrics (76%), and tokenization (70%).
Getting customers to verify more details when making purchases will make it far harder for fraudsters to be successful, because they have limited knowledge about each customer. Of course, this all needs to be done in a sensitive way, so that you neither frustrate customers nor slow down the checkout process. Verification details ideally need to be captured invisibly, which is why fingerprints and facial recognition are increasingly being used to approve transactions and provide a smoother payment system. They are also much harder to hack, and help provide a smooth, undisrupted shopping experience.