In the first part of this series, we looked at the four most common types of fraud that affect online businesses today. To combat this and protect cardholders (and the businesses they buy from), the PCI DSS stipulates a ream of online payment security measures that UK eCommerce organisations must take. We looked at how tough this can be and the penalties for non-compliance in the second part of this series.
In the last part of this series about online payment security and PCI DSS, we’re going to look at where fraud occurs within online businesses and at the encryption and secure payment software designed to fight online fraud.
When is a Merchant Liable for Penalties under PCI DSS?
Any breach of security carries the penalty of loss of reputation and potential loss of business. But for those businesses that have neglected their annual PCI DSS certification, a fine of up to £500,000 can be levied by the card schemes that administer the PCI DSS.
Fines are likely to be higher for non-certified companies, but even a certified company can expect severe fines if a breach of online payment security has been caused by its own actions or negligence.
In order to avoid such negligent behaviour (which is often a matter of accidental omissions in payment security processes), an organisation is best armed by understanding where and when potential breaches of its online secure payment processes can occur.
Where Online Payment Security is Most Threatened within eCommerce
Online businesses which gather and hold cardholder information, accept online orders, and transmit details over the internet are at risk from fraudulent activity at almost every step of their business process. Threats occur when:
- Orders are from high-risk countries
- Orders are made late at night
- Express delivery is requested, especially to PO boxes, hotels, unknown addresses, etc.
- Orders involve unusually large quantities of product
- Billing and shipping addresses are different
- Mobile rather than landline numbers are given
- Suspicious behaviour is exhibited by the buyer, including frequent or large purchases ‘out of the ordinary’
While this may seem like a long list, it is by no means exhaustive. Other signs of fraudulent behaviour include IP addresses changing between logons, unknown email or physical addresses, card details that do not match the account details, and so on.
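As an added illustration (not code from the original article or from North Payments), the indicators listed above can be turned into a simple scoring rule that a merchant runs over each order before capture. The high-risk country code, the definition of "late at night", the weights and the thresholds are all assumptions chosen for this example; the sample orders are constructed, not real data.

```python
from datetime import datetime

# Assumptions for this example (not from the article): which countries are
# treated as high-risk, what "late at night" means, and the weight per signal.
HIGH_RISK_COUNTRIES = {"ZZ"}                 # constructed placeholder code
NIGHT_HOURS = range(0, 5)                    # 00:00-04:59 local time
RISKY_DESTINATIONS = {"po_box", "hotel", "unknown"}
WEIGHTS = {"high_risk_country": 3, "late_night": 1, "express_to_risky_destination": 2,
           "high_quantity": 2, "address_mismatch": 2, "mobile_phone": 1,
           "ip_changed_between_logons": 2, "unknown_email": 1}

def risk_signals(o: dict) -> list[str]:
    """Return the article's fraud indicators that fire for an order record."""
    checks = {
        "high_risk_country": o["country"] in HIGH_RISK_COUNTRIES,
        "late_night": o["placed_at"].hour in NIGHT_HOURS,
        "express_to_risky_destination": o["express"] and o["destination"] in RISKY_DESTINATIONS,
        "high_quantity": o["quantity"] >= 10,
        "address_mismatch": o["billing_address"].lower() != o["shipping_address"].lower(),
        "mobile_phone": o["phone_is_mobile"],
        "ip_changed_between_logons": o["ip_changed_between_logons"],
        "unknown_email": not o["email_seen_before"],
    }
    return [name for name, fired in checks.items() if fired]

def risk_score(o: dict) -> int:
    return sum(WEIGHTS[s] for s in risk_signals(o))

def triage(o: dict) -> str:
    """Map the score to an action; thresholds are illustrative."""
    score = risk_score(o)
    if score >= 6:
        return "hold_for_manual_review"
    if score >= 3:
        return "require_3d_secure"      # step up with 3D Secure before capture
    return "accept"

# Constructed sample orders (not real data)
ROUTINE = dict(country="GB", placed_at=datetime(2024, 3, 4, 14, 30), express=False,
               destination="residential", quantity=1, billing_address="1 High St",
               shipping_address="1 High St", phone_is_mobile=False,
               ip_changed_between_logons=False, email_seen_before=True)
SUSPECT = dict(ROUTINE, country="ZZ", placed_at=datetime(2024, 3, 4, 2, 15), express=True,
               destination="hotel", quantity=12, shipping_address="Room 4, Grand Hotel",
               phone_is_mobile=True, ip_changed_between_logons=True, email_seen_before=False)
MIXED = dict(ROUTINE, shipping_address="Flat 2, Other Rd", phone_is_mobile=True)

if __name__ == "__main__":
    for label, o in (("routine", ROUTINE), ("mixed", MIXED), ("suspect", SUSPECT)):
        print(label, risk_score(o), triage(o), risk_signals(o))
```

Any single indicator is weak on its own (many genuine customers shop from a mobile at night), which is why the rule counts and weights them rather than declining on one hit.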
Encryption and Secure Payments
Various software packages help to protect eCommerce businesses and their customers. Transport encryption such as Secure Sockets Layer (SSL, now superseded by TLS) and the use of 3D Secure protection (which was introduced by Visa, and is like chip and PIN for internet transactions) help to reduce online fraud.
These types of security should be integrated with the eCommerce website, and will help to reduce both fraud and chargebacks.
The bottom line
There are not only potentially huge profits to be made from eCommerce, but also loss of reputation, money and heavy fines to be suffered should you get the security aspects of merchant account setup and payment security wrong.
If it is done right, eCommerce can make a company. If done wrong, it can break it.
The answer is to always be vigilant and never complacent. Keep abreast of rules and regulations, and ensure your systems are protected to the highest degree possible. Companies in the eCommerce space have not just a duty, but an obligation to ensure their customers’ money is safe. By doing this, they will also ensure their own profits are safe.
Your website must measure up to the demands of the PCI DSS, as must your back-office functions.
If you’re new to eCommerce or unsure of how your online payment security measures up against your legal obligations, then please feel free to discuss with North Payments today.