With online fraud at an all time high and consumer awareness of lost and stolen credit card data increasing, it is imperative that security and fraud are an integral part of your eCommerce strategy. Criminals have gone high tech and have discovered that there is a significant amount of money to be had with very little risk. Fraud is not to be taken lightly.
Advansys has achieved the highest level, Tier 1 Compliance Certification with the Payment Credit Card Industry Data Security Standard (PCI DSS) which demonstrates that all of our business processes and infrastructures meet the highest level of security throughout the life-cycle of a credit card transaction.
There are the four levels of PCI compliance as mandated by the Payment Card Industry Security Standards Council (PCI SSC), which is made up of MasterCard Worldwide, Visa, American Express, Discover Financial Services and JCB International. Advansys has the highest Tier 1 Compliance Certification.
Companies that meet Level 1 compliancy must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor.
Any company at levels 2, 3 or 4 complete an annual Self Assessment Questionnaire.
Can you trust 'self-assessment' where your company information, reputation and client confidentiality is at risk? Potentially, but are you prepared to run the risk?
PCI DSS (Payment Card Industry Data Security Standards) are a set of technical and operational requirements that have been set up to protect card holder data. Any company that stores, processes, or transmits cardholder data must be PCI DSS compliant.
The PCI Data Security Standards consist of 12 requirements that mirror best security practices. Complying to these will alleviate any vulnerabilities and thwart theft of cardholder data.
For more information: https://www.pcisecuritystandards.org/
Here at Advansys we take data security seriously. Aside from being PCI DSS Level 1 complaint, the advansys Ecommerce Management System includes advanced security features to protect your business from hacking, fraud and other security risks.
Preventing online fraud is a challenge and there is no 100% full-proof way to avoid it. The steps below however should be used to determine the likelihood of a transaction being fraudulent.
By implementing 3D secure you can be confident that the shopper making the purchase is the true card-holder. It is estimated that 80% of all chargebacks/disputes fall into the “friendly fraudster" category so by checking for 3D secure, even if the cardholder is not enrolled, the liability is shifted back to the card issuer and not the merchant.
The BIN (Bank Identification Number) or IIN (Issuer Identification Number) as it is now called is the first 6 digits of the PAN (Primary Account Number) or long card number. One way to check if the shopper actually possesses the card they used on the website is to call and ask them if they can confirm which bank issued the card to them. Whilst in isolation this does not guarantee they have the physical card in their possession, it is a positive indicator and allows you to check the card against a BIN database.
This checks the total value of an order, which could be an indicator of fraud if it is unusually high for your store. Large order values carry increased risks and consumers usually wouldn't place a large order for their first purchase. These orders can then be dealt with using BACS and goods should only ever be shipped once payment has cleared to a traceable/contactable address.
These checks involve being able to identify and trace the shopper, if needed.
Email Address – Any free email accounts such as live.com, yahoo.com, gmail.com etc should be treated with extreme caution as they can be freely and easily created and are the common choice of fraudsters. An email at a valid domain is better as it is more traceable
Telephone – We should always be able to capture a landline phone number. In doing so the person is traceable via BT or their telecoms provider. Whilst some users do not have landlines and instead rely on their mobiles this carries increased risk and these orders should be treated as suspicious
- Paul Gurnell - GlaxoSmithKline -