4 minute read

How to protect your customers from fraud

Friday, January 21, 2022

4 minute read

More people are shopping online than ever before. And where the money goes, so do cyber thieves, leaving consumers questioning whether their personal and financial information is truly safe.

Data breach costs rose from $3.86 million to $4.24 million worldwide in 2021, according to IBM's Cost of Data Breach Report, the highest average total cost in the 17-year history of this report.

At the same time, retailers are at risk for significant losses due to fraud. One estimate is that fraudulent online activities like identity theft, chargeback fraud, and account takeovers will cost retailers more than $20 billion in 2021.

For the online retailer, this means you, and your payment provider, have to implement best-in-class security to give your customers complete confidence in your ecommerce business. Here is a two-phase approach we suggest to aid your business in protecting customers from fraud.

Data breach costs

Phase 1: Strengthen your security

To strengthen customer fraud prevention, we've identified four areas to help improve security and save your business money in the long run.

Determine your PCI compliance strategy

One of the most important decisions you'll make when considering your payment strategy is hosting payment processing yourself or outsourcing it to a third party. This decision will directly impact your level of responsibility in managing PCI compliance.

  • With the self-hosted model, you take full responsibility for managing all PCI compliance, including an annual card security assessment. Depending on your size, you will also likely need to hire a Qualified Security Assessor (QSA) to validate that you are PCI compliant.
  • With the fully hosted model, you shift much of the burden of card security compliance to a PCI-compliant third-party processor to manage most of your payment processing needs. The fully hosted model allows you to reduce your PCI compliance burden as the payment processor will be responsible for protecting all cardholder data in its possession. Because this is the focus of their business, they're able to invest in the technology and processes required to keep your customer data secure.

Take advantage of tokenization

Tokenization allows you to replace sensitive data such as primary account numbers (PAN) and customer information with tokens that shield access to a customer's payment data. As a result, your customers' data stays safe because your business can only interact with the tokenized version of that information. In addition, tokenization is irreversible; once the data is tokenized. Therefore, your customers' data cannot be reverted to its original state, reducing the ability of cybercriminals to steal customer payment data.

Enable 3D Secure

3D Secure (3DS) is the umbrella name for the payment networks' online authentication solutions. These include:

  • Visa Secure
  • Mastercard Identity Check
  • American Express Safekey
  • J/Secure for JCB
  • ProtectBuy for Discover and Diners International

It's an authentication protocol designed to reduce customer fraud, increase customer security, and decrease merchant liability for chargebacks.

Our advanced version of 3D Secure—3D Secure 2 (3DS2)—gives your customers a seamless ecommerce experience without compromising on security. Not only does 3DS2 use biometrics and other methods for quick, smooth authentication on any device, but it's also the only card authentication method that meets European Strong Customer Authentication (SCA) regulations.

Offer multi-factor authentication

Account takeovers lept 282% for ecommerce businesses during the pandemic as fraudsters attempted to leverage weak or stolen passwords to steal payment data or make fraudulent orders. By incorporating multi-factor authentication (MFA), you can give customers the ability to enable an extra layer of security that is independent of their password.

When a customer enters their password to complete an online transaction, for example, they will get the option to have a one-time code sent via text or email. If the customer transaction is legitimate, the customer will likely have their phone and can enter the code provided with no problem. However, if it's a fraudster, trying to log in with a stolen password, they likely won't have access to the phone and would be out of luck.

MFA requires at least two forms of authentication, each from a separate category. Those include:

  • Something you know (knowledge), such as a password or PIN.
  • Something you have (possession), such as a phone or credit card.
  • Something you are (inherence), such as a retina scan or fingerprint.

Other authentication methods include answers to secret questions (knowledge), a token or key fob (possession), or biometrics like voice or facial recognition (inherence).


Phase 2: Promote your security to your customers

Once you have security protocols in place, make sure you share what you're doing and why with your customers to build their confidence in your brand, encouraging them to transact. Here are some ways to promote your security:

  • Display trust logos from verified financial brands like Visa, Mastercard, American Express, PayPal, Google Pay, WeChat Pay, and more at your checkout and throughout your website.
  • Promote that your business is PCI compliant at checkout with the PCI DSS trust logo.
  • Explain why you're asking customers to verify their payment information with 3D Secure.
  • Represent your SSL certificate with a lock in the browser's URL bar.
  • Show your customers that you're encrypting or masking sensitive information as they enter it in real-time.

Highlighting your security protocols can also act as a natural deterrent to would-be cybercriminals who are simply looking for easy prey. If fraudsters see you've done your due diligence and established strong security protocols, they may just look elsewhere.

If you'd like some help to strengthen your security and prevent fraud, Contact us for more information or learn more about our fraud protection technology, including seamless 3DS2 authentication.