Online fraud prevention tools
3D secure (American Express SafeKey, MasterCard SecureCode and Verified By Visa)
To help reduce card fraud, the card schemes have developed American Express SafeKey/ MasterCard SecureCode/ Verified by Visa. An automated cardholder address verification (AVS) and card security code (CSC) system is available for businesses that accept phone, internet or mail order transactions. The system allows them to verify the billing address of a cardholder and cross-check the security code on the signature strip of the card. These data checks provide additional information to help businesses assess fraud risks and decide whether to proceed with the transaction.
An acquirer can help their merchant on the steps to be taken to incorporate American Express SafeKey/ MasterCard SecureCode/ Verified by Visa into their website and its interaction with an internet payment page.
For more detailed information about American Express SafeKey/ MasterCard SecureCode/ Verified by Visa visit Financial Fraud Action UK.
AVS / CSC
These two acronyms stand for Address Verification Service (AVS) and Card Security Code (CSC). They refer to information that a merchant can pass to their acquirer via the terminal (or by other means) to will help them decide whether to proceed with a transaction or not. Used together, AVS and CSC provide a simple fraud prevention tool. Although AVS and CSC do not provide full cardholder identification, they present a tool to deal with most common types of CNP (card-not-present) fraud. For more information visit Financial Fraud Action UK.
Apart from the standard fraud prevention tools - AVS / CSC, American Express SafeKey, MasterCard SecureCode and Verified by Visa – that a merchant can use to safeguard against possible fraudulent transactions, there are other specific tools for e-Commerce and the other card not present transaction types of ‘mail order and telephone order’ (known as MOTO) transactions.
Fraud screening services can be provided by an acquirer, payment service provider or in conjunction with third party solution providers who can supply a range of fraud prevention tools.
These tools work by using a number of detection technologies such as pattern recognition or rule generation to assess whether a transaction is likely to be fraudulent or not – providing risk screening to help reduce chargebacks and fraud - before it is sent for authorisation. A merchant can then decide, on the advice given to them by the fraud screening service, whether to allow the transaction to proceed or not.
Payment service provider
To trade over the internet, a merchant will require a payment service provider (PSP) whose role is to securely capture a cardholder’s card details and pass these onto the merchant’s acquirer for processing.
How this works, is that a merchant provides a ‘virtual shop’ on the internet that their customer visits and selects the goods or service they want to buy. The customer or cardholder then goes to the checkout or ‘virtual till’ / internet terminal on the merchant’s website provided by a PSP. This internet terminal securely captures the customer’s card details and enables them to authenticate themselves. Cardholder authentication can be performed using either MasterCard SecureCode or Verified by Visa and involves the cardholder providing an agreed password in addition to their card details.
The card details and result of the authentication are passed by the PSP, (using a secure link to safeguard the security of the details) to a merchant’s acquirer who will pass these onto the card issuer to seek an authorisation. The authorisation is passed back from the acquirerto the merchant via the PSP.
Some merchants will only have a relationship with a PSP and not an acquirer. In this case, the PSP will also perform the role of acquirer and this will be reflected in their charges. Alternatively, a merchant can choose their acquirer and a PSP – the acquirer can advise which PSPs have been accredited to pass card transaction details to them for processing.
A merchant can choose to use third party providers to help them develop their web presence for the following three components:
- A website.
- Shopping cart software to enable customers to add up their purchases before moving on to a secure payment page.
- A payment service provider to provide the secure payment page.
Shopping cart software providers can advise which PSPs they work with and vice versa. In this example it has been assumed that the PSP will also perform the acquiring function of card acceptance. However, if this is not the case, a merchant should discuss with their acquirer which PSPs they have accredited and discuss which shopping cart software providers these work with.