For obvious reasons, more and more customers have been availing themselves of options such as “Buy Online, Pick Up in Store” (BOPIS) or home delivery during the COVID-19 pandemic.
E-commerce has, therefore, become a significant part of the operations of many businesses, including restaurants and traditional brick-and-mortar stores that had never previously used it prior.
The downside is that this has also brought significant new threats of fraud, and particularly Card-Not-Present (CNP) fraud.
So there are some important protections that businesses new to e-commerce need to put in place.
Basic Level Protections
The first and most basic safeguard is to ensure that you require the entry of the card CVV code (the three-digit number on the signature strip) and use an address verification service (AVS).
Like main card numbers, CVV codes can be stolen and stored, so it’s a good idea to require them to be re-entered if there is a change to a customer’s delivery address or an unrecognized device is used.
And the use of an AVS to match a customer’s entered billing address with that held on file is another important protection.
Use 3D Secure 2.0
The next level of safeguard is to use 3D Secure 2.0, a technology used by both Visa and Mastercard that makes real-time use of a number of key data points to flag some transactions as high-risk.
Such transactions can then only be completed when the customer enters a one- time passcode sent to their cellphone or confirms their identity using biometrics
3D Secure is regarded as the industry standard for CNP security and represents a significant advance on the old “Verified by Visa” type systems, which introduced a high level of checkout friction by requiring passwords for all transactions.
Industry sources believe that at most 5% of transactions are flagged as high-risk by 3D Secure, and there has also been a significant reduction in cart abandonment – which is great news for both customers and merchants.
What Merchants Need to Do
Most cardholders will have their cards automatically enrolled in 3D Secure by their issuing bank.
But merchants may need to make some changes in their point of sale systems if they wish to make use of this new technology.
And you also need, of course, to ensure that your systems and procedures are compliant with the Payment Card Industry Data Security Standard (PCI DSS).