Online fraud prevention tools for internet trading
Find out more about the tools available for preventing card fraud through online payments.
3D Secure (3 Domain Server)
To help reduce card fraud, the card schemes have developed American Express SafeKey/ MasterCard SecureCode/ Verified by Visa. An automated cardholder address verification (AVS) and card security code (CSC) system is available for businesses that accept phone, internet or mail order transactions. The system allows them to verify the billing address of a cardholder and cross-check the security code on the signature strip of the card. These data checks provide additional information to help businesses assess fraud risks and decide whether to proceed with the transaction.
An acquirer can help their merchant on the steps to be taken to incorporate American Express SafeKey/ MasterCard SecureCode/ Verified by Visa into their website and its interaction with an internet payment page.
Visit Financial Fraud Action UK for more information.
Address Verification Service (AVS) & Card Security Code (CSC)
AVS and CSC refer to information that you, as a merchant, can pass to your acquirer via the terminal (or by other means) to will help you to decide whether to proceed with a transaction or not.
Used together, AVS and CSC provide a simple, yet effective, fraud prevention tool. Although AVS and CSC do not provide full cardholder identification, they present a tool to deal with most common types of CNP (card-not-present) fraud.
Fraud screening services
Apart from the standard fraud prevention tools that you can use to safeguard against possible fraudulent transactions, there are other specific tools for e-Commerce and the other card-not-present transaction types, including ‘mail order and telephone order’ which are known as MOTO transactions.
Fraud screening services can be provided by an acquirer, payment service provider or in conjunction with third party solution providers who can supply a range of fraud prevention tools.
These tools work by using a number of detection technologies such as pattern recognition or rule generation to assess whether a transaction is likely to be fraudulent or not. This includes providing risk screening to help reduce chargebacks and fraud before it is sent for authorisation. A merchant can then decide on the advice given to them by the fraud screening service and whether to allow the transaction to proceed or not.
Payment service providers (PSP)
To trade over the internet, you will require a payment service provider (PSP) whose role is to securely capture a cardholder’s card details and pass these onto your acquirer for processing.
This works by providing a ‘virtual shop’ on the internet that your customer visits and selects the goods or service they want to buy. The customer or cardholder then goes to the checkout or ‘virtual till’ / internet terminal on your website provided by a PSP. This internet terminal securely captures the customer’s card details and enables them to authenticate themselves. Cardholder authentication can be performed using either MasterCard SecureCode or Verified by Visa and involves the cardholder providing an agreed password in addition to their card details.
The card details and result of the authentication are passed by the PSP, (using a secure link to safeguard the security of the details) to a your acquirer who will then pass these onto the card issuer to seek an authorisation. The authorisation is then passed back from the acquirer to you via the PSP.
Some merchants will only have a relationship with a PSP and not an acquirer. In this case, the PSP will also perform the role of acquirer and this will be reflected in their charges. Alternatively, as a merchant, you can choose your acquirer and a PSP – the acquirer can advise which PSPs have been accredited to pass card transaction details to them for processing.
A merchant can choose to use third party providers to help them develop their web presence for the following three components:
- A website.
- Shopping cart software to enable customers to add up their purchases before moving on to a secure payment page.
- A payment service provider to provide the secure payment page.
Shopping cart software providers can advise which PSPs they work with and vice versa. In this example it has been assumed that the PSP will also perform the acquiring function of card acceptance. However, if this is not the case, a merchant should discuss with their acquirer which PSPs they have accredited and discuss which shopping cart software providers these work with.