Payment Processing

At a fundamental level, the growth of any business depends on three key activities: maximizing profits, minimizing costs, and ensuring security.

Of course, the more technology advances, the more complex these activities often get. When it comes to payment processing, businesses need to pay attention to the new EMV technology.

What Is EMV Processing?

Traditionally, debit and credit cards function through a magnetic stripe or “magstripe.”

While magstripes were effective at storing financial information in the past, the technology failed to keep up with the ever-changing dynamics of the cybersecurity landscape.

According to The Nilson Report, credit card fraud will lead to over $31 billion in global losses by 2018.

Small companies are expected to be more vulnerable due to the lack of anti-fraud policies, such as employee fraud training, internal department audits, and hotlines.

Payment Processing 2

Source: The Nilson Report

It’s worth mentioning, however, that ever since adopting the new EMV (Europay, MasterCard, and Visa) technology in 2015, companies have seen an 18.3 percent decrease in counterfeit transactions.

Unlike magstripe cards, EMV-enabled cards encrypt the information and then sends a request for authorization from the card issuer. This essentially prevents cybercriminals from stealing your financial information even with the presence of a skimming device.

There is, however, one minor negative to the adoption of EMV cards: In 2016, credit card fraud was estimated to have spiked to $4 billion due to hackers rushing to cash in on their stolen data.

What triggered them was to act was most likely due to their realization that the arrival of EMV cards would render their stolen data useless in the foreseeable future.

Adopting EMV for Retailers

Despite the push towards EMV card adoption, magstripe cards would continue to work in most POS terminals.

If your business accepts card transactions within your establishment, there are a few things you need to do to prepare for a fraud-less future.

One of which is to undergo certification through EMVCo which may take a couple of weeks to complete.

Of course, you also need to purchase a new terminal that accepts EMV chip cards. Then, train your staff on operating the upgraded hardware and software, ensure everyone understands the EMV liability shift, and encourage customers to use EMV chip cards during their transactions.

Overall, the transition is going to be an investment that’s worth pursuing since it eliminates the likelihood of credit card fraud.

What About Online Transactions?

Initially, the EMV surge only affected retail, card-present transactions. It did not help secure online transactions. There were also valid concerns that the EMV rollout would worsen the security of the online payment space.

Once online fraud rings become completely incapable of counterfeiting credit card transactions in stores, they will be encouraged to focus on transactions over the internet.

Experian confirmed this when they discovered that, in 2016, the number of fraud attacks that targeted e-commerce businesses rose by 15 percent.

Thankfully, with initiatives like Visa’s Dynamic Passcode Authentication and MasterCard’s Chip Authentication Program, the benefits of EMV can now be leveraged for transactions online and via phone.

Both initiatives work by requiring customers to key in a one-time passcode whenever transacting online. They do, however, require a specialized, handheld reader that is used for validating the EMV chip embedded in their cards.

The dynamic passcode authentication and chip authentication program are both examples of multi-factor authentication being utilized for payments.

Securing Online Transactions Without EMV

Eventually, the EMV rollout along with the initiatives of card issuers would significantly reduce the cases of fraud. Until then, online retailers still have a number of options when it comes to fraud prevention:

1. Check the Buyer’s IP

If your online business deals with high-value items and requires your direct involvement when facilitating transactions, then a good practice to have is to check the buyer’s IP first, especially if you also accommodate orders overseas.

Your goal here is to verify that the IP address of the current buyer matches the billing address of the credit card. A simple tool like IP-Lookup.net would come in handy for this.

Payment Processing 3

Another option is to use an Address Verification System (AVS), which automatically checks if the delivery and billing addresses match.

2. Request for the CVV

Credit card issuers include a Card Verification Value (CVV) that can help consumers and merchants validate online payments.

It cannot be obtained digitally, which means only the person who has the card on hand can see it.

3. Monitor for Unusual Transaction Amounts

An early indicator of a fraudulent activity is an unusually large transaction amount. For example, if your business typically processes orders that are under $100, then consider flagging transactions that are four or fives times that amount.

One straightforward solution is to call the customer and verify their identity. If they deny having knowledge of their order, then you can simply cancel the transaction.

Today, several e-commerce platforms, along with a handful of payment gateways, are capable of automatically flagging transactions that exceed a volume threshold.

There are, however, a couple downsides to this strategy. For one, experienced fraudsters can easily avoid being flagged by limiting the amount of their transactions. Calling customers for verification purposes can also be a labor-intensive task.

4. Use a Payment Gateway With Fraud Protection Policies for Merchants

Finally, payment gateways that offer fraud protection policies for their merchants.

Some platforms offer a comprehensive set of seller protection policies that can safeguard business owners against fraudulent activities.

They can actively monitor your account for anything suspicious, help you resolve payment disputes, and protect the financial information of you and your customers via encryption.

Take note that, aside from hacking a legitimate customer’s credit card information, some cybercriminals also take advantage of system and policy loopholes for their fraudulent schemes.

Finally, make sure your entire payments system is compliant with the Payment Card Industry Data Security Standard or PCI DSS. This will help you secure the credit card information of your customers — thus, protecting the integrity and sustainability of your brand.

In addition, there are several other benefits you can enjoy when your business is PCI compliant, such as:

1. You and your customers will have peace of mind.

Because being compliant would mean that you’ll have far fewer security breaches, you and your customers can be at peace knowing that you are both protected.

2. You can avoid hefty fines.

When businesses suffer a breach, fines can get as high as $500,000 per incident — that is, if they aren’t PCI compliant. When they are complying with PCI standards, however, fines are drastically reduced.

3. You can get more customers.

Once your customers are made aware of your business’s PCI compliance, they’d be far less hesitant to transact with you since they know that it’s safe doing business with your company.

Conclusion

Whether or not your business is EMV-ready, there are several steps and procedures that you can employ to protect your venture from credit card fraud.

If you follow the tips above, you’ll be able to increase your business’s level of protection against counterfeiters.

What’s Next?

What strategies have you been using to protect your business from fraudsters?

If there’s anything you’d like to share that can help the readers strengthen their businesses against counterfeiters or fraudulent transaction, then please share your ideas in the comments section below.