If this is the first time you are reading our “Selecting a Payment Gateway” mini-series, please, start with the Introduction to improve your understanding of this post.
With the increase of online commerce and wider adoption of electronic forms of payments, an increase in credit card fraud rate is observed (especially, on CNP transactions). Various tools have been introduced into credit card processing software by different companies, in order to reduce the possibility of fraud. They include GeoIP, minFraud and others. Particularly, these tools perform cardholder’s IP address check, verify his e-mail against a look-up table, and determine the buyer’s overall risk score.
When it comes to fraud protection, four most common approaches used at the point of sale are:
- 3D secure, introduced by associations (during online purchases an additional password associated with a credit card is required in order to confirm the buyer’s identity), often used in combination with
- AVS (address verification service provided by card associations to verify the billing address on file against the one provided by the buyer);
- IP-address-based (i.e. geographical location based) segmentation or filtering, provided by third parties;
- various types of identity verification – name or e-mail of the buyer is verified against various blacklists);
In some cases additional compensating security controls can be used. They are:
- so-called “processing cap” – certain processing limits are imposed on the merchant. They reduce/limit the number or total amount of transactions processed by the merchant per hour/day/week/month;
- reserves – certain percentage of money processed is held by the processor/payment gateway for a certain time period to cover potential chargebacks and ACH returns.
Fraud protection issue is especially relevant for merchants that are doing online commerce.
A merchant dealing with a large number of online transactions, as well as a business involved in a high-risk segment, should make a decision in favor of the payment gateway with built-in fraud protection features.
The reseller must keep track of all the merchants it is dealing with, and all their transactions, which is a very challenging task. If some fraud does take place, financial responsibility might fall on the reseller, as not all merchants are responsible enough to perform the necessary checks themselves.
When a reseller is actively involved in an industry segment, where fraud is common and fraud rates are above average, it might be easier for the reseller to partner with some processor, whose payment gateway software has integrated fraud protection tools, instead of building all the respective functionality on its own.
Our next post will cover core reporting requirements for a payment gateway.