Attacks on our sensitive information, business or personal, are becoming more and more common as seemingly everything is now available online or managed through an app. No matter how often we read about major data breaches, it is important that we not become callous to these attacks. We should all be taking every precaution to secure data, especially if our business relies on eCommerce payment processing.
eCommerce security is complex. Not only should you evaluate your security standards on a regular basis, but you should also monitor user activity and customer behavior. That said, your website could be hardened as securely as Fort Knox with every vulnerability scan reporting green, but if you are not following the payment processing best practices for credit card validation (CCV), your company is at risk of supporting credit card fraud. This could potentially halt your revenue for months and months while you try to recover your losses with credit card companies.
Paying attention? Let me explain a few of these payment processing best practices you should consider.
1. Credit Card Validation
You might think this is a common sense approach, but validation means more than checking the number, expiry date, and CVV of potential customers. In addition to those three aspects of validation, incorporating Address Verification System (AVS) is another method of credit card validation. How you configure these validation fields depends on which payment gateway (PayPal, Authorize.net, Stripe, etc.) and eCommerce platform (Magento, WooCommerce, etc.) you use. Despite these differences, it should be easy to incorporate these validation fields into your payment processing.
2. Behavior Monitoring
For a crook, credit card testing isn’t a one shot and done approach—it takes multiple attempts to verify a card number. To spot these suspicious users, look at the transaction and visitor history for your site. Pay close attention to these red flags: if the same IP address has multiple failed transactions; if the same IP address has multiple purchases from different credit card numbers; and if you see a spike in sales for low price items.
This last point is indicative of someone testing a card number with a low-priced item and potentially using that card number for big ticket items elsewhere, or increasing the value of that number for other “crooks” to purchase and use. If you notice this kind of suspicious activity, you would do well to flag that credit card and not process any transactions with it.
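The three red flags above can be checked against your transaction history with a short script. The following is an added example, not code from any gateway or platform named in this post; the record fields, thresholds, and sample data are assumptions to adapt to your own order export.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed thresholds; tune them against your own traffic.
WINDOW = timedelta(minutes=10)   # look-back window per IP
MAX_FAILURES = 3                 # failed transactions per IP per window
MAX_CARDS = 3                    # distinct cards per IP per window
LOW_PRICE = 5.00                 # orders at or below this count as low price
SPIKE_FACTOR = 3                 # hourly low-price count vs. the median hour

def flag_ips(transactions):
    """Return {ip: set of reasons} for IPs showing card-testing behavior."""
    by_ip = defaultdict(list)
    for t in sorted(transactions, key=lambda t: t["time"]):
        by_ip[t["ip"]].append(t)
    flagged = defaultdict(set)
    for ip, events in by_ip.items():
        start = 0
        for end, event in enumerate(events):
            # Advance the window start until it spans at most WINDOW.
            while event["time"] - events[start]["time"] > WINDOW:
                start += 1
            window = events[start:end + 1]
            if sum(not e["approved"] for e in window) >= MAX_FAILURES:
                flagged[ip].add("multiple failed transactions")
            if len({e["card"] for e in window}) >= MAX_CARDS:
                flagged[ip].add("multiple card numbers")
    return dict(flagged)

def low_price_spikes(transactions):
    """Return hours whose approved low-price orders reach SPIKE_FACTOR x the median hour."""
    hourly = defaultdict(int)
    for t in transactions:
        if t["approved"] and t["amount"] <= LOW_PRICE:
            hourly[t["time"].replace(minute=0, second=0, microsecond=0)] += 1
    if not hourly:
        return []
    baseline = median(hourly.values())  # hours with no low-price sales are not counted
    return sorted(h for h, n in hourly.items() if n >= SPIKE_FACTOR * baseline)

# Constructed sample data: "card" is a gateway token, never a raw card number.
T0 = datetime(2024, 1, 1, 9, 0)
def tx(minute, ip, card, amount, approved):
    return {"time": T0 + timedelta(minutes=minute), "ip": ip, "card": card,
            "amount": amount, "approved": approved}
SAMPLE = [tx(h * 60, f"198.51.100.{h}", f"tok_n{h}", 2.50, True) for h in range(4)]
SAMPLE += [tx(240 + i, "203.0.113.7", f"tok_t{i}", 1.00, i >= 3) for i in range(6)]
```

On the sample data, `flag_ips(SAMPLE)` reports only 203.0.113.7, for both reasons, and `low_price_spikes(SAMPLE)` reports the 13:00 hour.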
3. Guest Checkout
Weigh the pros and cons of this feature before you incorporate it into your online business. The pros can mostly be summed up as simplifying the purchasing process to drive more sales. This is great for customers who want to buy products without going through the steps of creating an account.
Cons include significant security considerations. A crook would be able to use guest checkout to test a stolen credit card (purchasing small ticket items to verify a credit card is valid) with a minimal amount of information to tie them to that transaction. If you decide to enable guest checkout, in addition to validating the card number and expiration date, be sure to validate the name and address as well.
Payment Processing Is Only One Part of Security
eCommerce security is more than just good business practice; it’s also vital to protecting the customers you serve. The basic steps I laid out in this post are only part of what you should consider when it comes to ensuring your eCommerce site is secure.
If you’d like more information regarding e-Commerce security, please check out our security services page. And if you’re thinking of starting a new eCommerce site or modifying an existing eCommerce site, visit our e-Commerce page for more information.