5 Best Practice Tips for E-commerce Merchants to Protect Payments



October is National Cyber Security Awareness Month so we wanted to provide some tips for E-commerce merchants to protect payments.


  1. 5 BEST PRACTICE TIPS for E-commerce Merchants to Protect Payments
  2. So you're selling your products and services online? GREAT! Just make sure the payment data you're collecting doesn't get compromised, or your profits will!
  3. TIP 1: Deploy SSL (Secure Socket Layer)
     SSL is a protocol used on the web for:
     - Encrypting website data so that data sent from the browser to the server and back is protected
     - Authenticating your website so visitors know you are who you say you are
     HTTPS = HTTP with SSL
  4. TIP 2: Protect your IT environment
     - Deploy a firewall solution to protect your applications, databases and web servers
     - Deploy intrusion-detection systems/intrusion-prevention systems (IDS/IPS)
     - Train technical staff to properly manage security including firewalls, digital certificates, and SSL encryption
  5. TIP 3: Authenticate your customers
     - Request Credit Verification Value (CVV) information in addition to Primary Account Number and expiration date
     - Consider using 3D Secure (Verified by Visa, MasterCard SecureCode) if you process risky transactions. It is mandatory in some countries, highly recommended in others, and enables fraud liability shift to the issuing banks (you will not be liable in case of fraud, your customer’s bank will be).
  6. TIP 4: Deploy fraud management solutions
     - Create simple fraud rules
       - Create exception rules for transactions if there is no Address Verification Service (AVS) match
       - Use white/black lists
       - Determine if you should reject transactions from a defined BIN range (specific card brands) or originating from certain IP location address/range (specific countries)
     - Create more complex rules and utilize new innovative solutions
       - Device identification (device fingerprinting)
       - Statistical models
       - Sophisticated rules engine, combining industry white/black lists, with custom rules to match your business and statistical models
  7. TIP 5: Protect sensitive data if you need to store it
     If you store customer profile data to enable an easier checkout process:
     - Do not store the credit card number, instead request a token from your Payment Service Provider
     - Only display the last 4 digits of the card in the customer profile, not the full card/token
     - Never store the Credit Verification Value – ask your customer to enter their CVV when they complete the check-out process
  8. Final Thoughts
     An easy way to secure sensitive customer data is to use a Payment Gateway offering a Hosted Payment Page or API with direct post capabilities to capture payment data and process the payment. However, you still need to take extra measures to protect your customers’ data and to stay compliant with the PCI-DSS.
  9. Thank you for viewing this presentation! For more information:
     - Call: 1.866.853.3845
     - Email: sales@merchantlink.com
     - Visit: www.merchantlink.com
     - Engage: www.merchantlink.com/blog
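
The simple fraud rules from Tip 4 (white/black lists, blocked BIN ranges, blocked IP ranges, and an exception rule for AVS mismatches), sketched as an added Python example that is not part of the original slides or any MerchantLink code. The list contents, the rule order and the accept/review/reject outcomes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All list contents below are constructed sample values, not real fraud data.
ALLOW_CUSTOMERS = {"cust-1001"}          # white list: known-good customer ids
BLOCK_CUSTOMERS = {"cust-6660"}          # black list: confirmed-fraud customer ids
BLOCKED_BIN_RANGES = [(400000, 400099)]  # inclusive 6-digit BIN ranges to reject
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range

@dataclass
class Transaction:
    customer_id: str
    bin6: str        # first six card digits only; the full number never reaches this code
    ip: str          # client IP address as reported by the web tier
    avs_match: bool  # result returned by the Address Verification Service

def evaluate(tx: Transaction) -> tuple[str, str]:
    """Return (decision, reason); decision is 'accept', 'review' or 'reject'."""
    # Black list is checked first so a block entry wins over every other rule.
    if tx.customer_id in BLOCK_CUSTOMERS:
        return "reject", "customer on black list"
    # Validate the BIN before converting it, so malformed input cannot raise.
    if not (tx.bin6.isascii() and tx.bin6.isdigit() and len(tx.bin6) == 6):
        return "reject", "malformed BIN"
    bin_value = int(tx.bin6)
    if any(lo <= bin_value <= hi for lo, hi in BLOCKED_BIN_RANGES):
        return "reject", "BIN in blocked range"
    try:
        addr = ipaddress.ip_address(tx.ip)
    except ValueError:
        # An IP we cannot parse cannot be checked, so a person looks at it.
        return "review", "unparseable client IP"
    if any(addr in net for net in BLOCKED_NETWORKS):
        return "reject", "IP in blocked range"
    # Exception rule: an AVS mismatch is held for review unless white-listed.
    if not tx.avs_match:
        if tx.customer_id in ALLOW_CUSTOMERS:
            return "accept", "AVS mismatch overridden by white list"
        return "review", "AVS mismatch"
    return "accept", "no rule matched"
```

Returning a reason with every decision lets each held or rejected order be traced to the rule that fired, which makes false positives easier to tune out.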