Attacks on our sensitive business and personal information are becoming increasingly common. It seems as though everything is now available online or managed through an app. It is important we do not become complacent, no matter how often these major data breaches happen. We should all be taking every precaution to secure data. This is especially true if our business relies on eCommerce payment processing.
eCommerce security is complex. Security standards should undergo testing on a regular basis. On top of that, you should also be monitoring user activity and customer behavior. That said, your website could be the online equivalent of Fort Knox, with all your vulnerability scans consistently reporting green, and still be exposed: payment processing best practices for credit card validation (CCV) must be active. Without them, your company is at risk of supporting credit card fraud. This could halt your revenue for months and months while you try to recover your losses with credit card companies. It’s a terrifying beast to manage.
Paying attention? Let me explain a few of these payment processing best practices you should consider.
1. Credit Card Validation
You might think this is a common sense approach, but validation means more than checking the number, expiration date, and CVV of potential customers. In addition to those three aspects of validation, the Address Verification System (AVS) is another method of credit card validation. How you configure these validation fields depends on which payment gateway (PayPal, Authorize.net, Stripe, etc.) and eCommerce platform (Magento, WooCommerce, etc.) you use. Despite these differences, it should be easy to incorporate these validation fields into your payment processing.
2. Behavior Monitoring
For a crook, credit card testing isn’t a one shot and done approach—it takes multiple attempts to verify a card number. To spot these suspicious users, look at the transaction and visitor history for your site. Pay close attention to these red flags:
- The same IP address has multiple failed transactions.
- The same IP address has multiple purchases from different credit card numbers.
- There is a spike in sales of low-price items.
This last point is indicative of someone testing a card number on a low-priced item, then potentially using that card number for big-ticket items elsewhere, or increasing the value of that number for other hackers to purchase and use. If you notice this kind of suspicious activity, you would do well to flag that credit card and not process any transactions with it.
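The three red flags above can be checked mechanically against a transaction log. The following is an added example, not code from this post or from any payment gateway; the record layout, the thresholds, and the `find_card_testing` name are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (ISO timestamp, client IP, card fingerprint, amount, status).
# Card fingerprints stand in for gateway tokens; full card numbers should never be logged.
SAMPLE = [
    ("2024-05-01T10:01:00", "203.0.113.7", "card_a", 1.00, "declined"),
    ("2024-05-01T10:01:20", "203.0.113.7", "card_b", 1.00, "declined"),
    ("2024-05-01T10:01:45", "203.0.113.7", "card_c", 1.00, "approved"),
    ("2024-05-01T10:02:10", "203.0.113.7", "card_d", 1.00, "declined"),
    ("2024-05-01T10:15:00", "198.51.100.4", "card_x", 89.50, "approved"),
    ("2024-05-01T11:30:00", "198.51.100.9", "card_y", 2.50, "approved"),
    ("2024-05-01T11:40:00", "198.51.100.4", "card_x", 42.00, "declined"),
]

def find_card_testing(records, max_failures=3, max_cards=3, low_price=5.00,
                      hourly_low_price_baseline=1, spike_factor=3):
    """Return the IPs and hour buckets that match the three red flags.

    All thresholds are assumed values; tune them to your own traffic.
    """
    failures = defaultdict(int)      # ip -> number of declined transactions
    cards = defaultdict(set)         # ip -> distinct card fingerprints seen
    low_per_hour = defaultdict(int)  # hour bucket -> low-price order attempts
    for ts, ip, card, amount, status in records:
        if status == "declined":
            failures[ip] += 1
        cards[ip].add(card)
        if amount <= low_price:
            hour = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")
            low_per_hour[hour] += 1
    spike_at = spike_factor * hourly_low_price_baseline
    return {
        "repeated_failures": sorted(ip for ip, n in failures.items() if n >= max_failures),
        "many_cards": sorted(ip for ip, seen in cards.items() if len(seen) >= max_cards),
        "low_price_spikes": sorted(h for h, n in low_per_hour.items() if n >= spike_at),
    }

if __name__ == "__main__":
    for flag, hits in find_card_testing(SAMPLE).items():
        print(flag, hits)
```

The low-price check counts declined attempts as well as completed sales, since card testing usually produces both.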
3. Guest Checkout
If you want to incorporate this feature into your online business, you should weigh the pros and cons. The pros can mostly be summed up as simplifying the purchasing process to drive more sales. This is great for customers who want to buy products without going through the steps of creating an account.
Cons include significant security considerations. A crook would be able to use guest checkout to test a stolen credit card (purchasing small ticket items to verify a credit card is valid) with a minimal amount of information to tie them to that transaction. If you decide to enable guest checkout, in addition to validating the card number and expiration date, be sure to validate the name and address as well.
Payment Processing Is Only One Part of Security
eCommerce security is more than just good business practice—it’s also vital to protecting the customers you serve. The basic steps laid out in this post are only part of what you should consider when it comes to ensuring your eCommerce site is secure.
If you’d like more information regarding eCommerce security, contact our security team. And if you’re thinking of starting a new eCommerce site or modifying an existing eCommerce site, we have the experts you need to guide you through that adventure, as well.