Online card payments are an essential part of the modern way of shopping. Security is of the utmost importance in this process and depends on all participants. In this blog, I’ll explain everything that happens, both visible and invisible, and how each participant contributes to the security of a purchase.
Responsible customer behaviour
Responsible behaviour of card owners is an important aspect we must not overlook when discussing transaction security. Every cardholder is responsible for their card, must keep it in a secure place, and should not share it with anyone. Writing down the PIN on a piece of paper next to the card is strongly discouraged. If you want to ensure the security of your transactions as a customer, only shop on reputable websites whose addresses start with https:// and that have 3D Secure verification. If your web browser informs you that you can’t trust the website, take it seriously and avoid paying with your card.
Entering the CVV/CVC (Card Verification Value/Code) and confirming identity through 3D Secure verification are mechanisms to protect both the buyer and the seller in online shopping. Customers and merchants may sometimes find these processes cumbersome, because the additional typing makes the payment experience slightly poorer, but these mechanisms are in place to protect both parties from misuse when cards fall into the hands of unauthorized individuals.
CVV/CVC is the security code of a payment card, usually a three- or four-digit number located on the back of the card at the end of the signature stripe, or less commonly on the front above the card number. Its purpose is to provide additional security during online purchases, and it should be known only to the cardholder. It should never be stored anywhere during the payment process. If this number reaches someone who is not the cardholder and wishes to misuse it, in combination with the card number and expiration date, they can make online purchases in your name.
3D Secure authentication is the process of verifying the buyer’s identity, proving that they are the cardholder making the payment. This authentication occurs on the side of the bank that issued the card to the customer. The exchange of data takes place securely, exclusively between the card user and the issuing bank.
Responsibility of the Merchant
The merchant does not come into direct contact with customers’ card data, so there is no obligation to implement anything related to the security of card payments at their end. However, they must choose a reliable partner to handle this aspect for them. The key is that the Internet Payment Gateway (IPG) they choose is PCI DSS Level 1 certified and that the certificate is renewed annually.
Additionally, the merchant must ensure the security compliance of the platform on which their web shop is built. This involves adhering to all security rules related to communication and data exchange to prevent any malicious interference between the store and the customer. This prevents unauthorized collection of customer data, including personal and card information.
Compliance of IPG and Banks with Rigorous Card Industry Requirements
As an IPG provider of online payment services, CorvusPay operates according to strict rules set by the card industry. Since 2012, it has consistently held the PCI DSS Level 1 certificate, which represents the highest level of protection and compliance. In collaboration with more than twenty partner banks, CorvusPay regularly monitors and aligns itself with the mandates of card associations supporting brands such as Mastercard, Maestro, Visa, Dina, Diners, Discover, American Express, and others.
Both CorvusPay and acquiring banks have implemented systems for detecting and preventing credit card fraud on their platforms. These systems closely monitor transactions, evaluating their risk through mathematical and statistical models. They identify and block fraudulent card activities or issue alerts for any suspicious behaviour. They monitor various transaction parameters, such as customer card activity, average transaction amounts, domestic or international transactions, changes in delivery addresses, card BIN (Bank Identification Number), card PIN, and more. If the observed data deviate from regular patterns, the systems take action, either by declining transactions or issuing warnings.
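To make the idea of "deviation from regular patterns" concrete, here is a small added example in Python; it is not CorvusPay's or any bank's code. The card history, the BIN table, the point weights and the thresholds are all constructed assumptions for illustration.

```python
from statistics import mean, pstdev

# Constructed data for illustration: one card's recent purchases (EUR) and a
# made-up BIN table mapping the card's first six digits to its issuing country.
HISTORY = [
    {"amount": a, "country": "HR", "address": "addr-1"}
    for a in (40, 55, 38, 60, 47, 52)
]
BIN_COUNTRY = {"999999": "HR"}

# Assumed weights and thresholds (points out of 100), not any provider's values.
ALERT_AT, DECLINE_AT, MIN_HISTORY = 40, 70, 5


def amount_zscore(history, amount):
    """How many standard deviations the amount lies from the card's average."""
    amounts = [t["amount"] for t in history]
    mu, sigma = mean(amounts), pstdev(amounts)
    if sigma == 0:  # every past purchase had the same amount
        return 0.0 if amount == mu else float("inf")
    return abs(amount - mu) / sigma


def risk_score(history, txn):
    """Add points for each parameter that deviates from the card's pattern."""
    score = 0
    z = amount_zscore(history, txn["amount"])
    score += 40 if z > 3 else 20 if z > 2 else 0
    # International (or unknown issuer): purchase country differs from the
    # issuing country looked up from the BIN.
    if BIN_COUNTRY.get(txn["bin"]) != txn["country"]:
        score += 30
    # Delivery address never used with this card before.
    if txn["address"] not in {t["address"] for t in history}:
        score += 20
    return score


def decide(history, txn):
    """Return 'approve', 'alert' or 'decline' for a new transaction."""
    if len(history) < MIN_HISTORY:
        return "alert"  # no reliable baseline yet, so ask for a review
    score = risk_score(history, txn)
    if score >= DECLINE_AT:
        return "decline"
    return "alert" if score >= ALERT_AT else "approve"
```

A typical purchase is approved, a somewhat larger one sent to a new address raises an alert, and a very large international one to a new address is declined.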
For eCommerce to thrive, it’s crucial for systems to be secure, and both customers and merchants must have confidence in them. In order for trust to be established, there is a need to understand the factors influencing security and the respective responsibilities of each party. Each participant has a distinct role in this game where adherence to rules is vital. I trust that you’re following these rules, regardless of your specific role among those mentioned earlier.
I hope this blog has been clear and useful to you.
I’m flying onward; we’ll talk soon.
Edgar