Secure online payments: answers for compliance and processing.

By: Joshua Griffin
Posted: August 14, 2019


With emerging technologies such as smartphones and ewallets, ecommerce is thriving. Not only are online payments more flexible and convenient, they also satisfy customers’ expectations for shopping and buying.

Consumers want to browse items at their convenience, without having to run to the store during business hours. Shoppers can keep items in their shopping cart until they make a final decision (or until payday), or they can visit multiple stores in a matter of minutes. Of course, the immediate shipping doesn’t hurt either in a world where we now expect little to no wait times.

The 18 largest online marketplaces, such as Amazon and eBay, accounted for more than $1 trillion in global annual sales. Further, in 2016, the majority of ecommerce sales were made with mobile devices, with estimates that more than 70% of online purchases will be made by these devices by 2021. With smaller stores jumping into online shopping, the rapid growth of ecommerce will no doubt continue.

Businesses can take advantage of the ease of ecommerce, growing their customer reach while increasing their bottom lines. When offering online payment options, merchants should consider streamlining their payment processing by not only incorporating online payments but doing so securely.

But, here’s the question: With ecommerce continuing to grow and thrive, benefiting consumers and business owners alike, how do merchants ensure secure online payments?

Let’s delve into the ways to make online payment processing safer. 

How to process online payments.

Before we jump into online payment security measures, let’s take a step back and review online payment processing. To process online payments, as a merchant, you’ll need some basics:

  • A merchant account (a type of bank account that allows for credit or debit card payments).
  • A merchant bank (a financial institution that will accept online payments).
  • An internet connection.

When a customer purchases an item online, they’ll pay with a credit or debit card. To transfer the necessary payment information, you’ll need access to a payment gateway. A payment gateway communicates the card information to the credit card network, such as Visa, American Express, Mastercard, or Discover. If the customer uses a debit card, the payment gateway communicates directly with the customer’s bank.

The payment processing system also communicates approval or denial codes as well as the details of the transaction. Once an online purchase is approved, the available funds from the customer’s debit or credit card are routed to the merchant account. Then, the funds are settled, meaning they are transferred from the merchant account to the business owner’s operating account.

If you have a brick and mortar store, you may not have a payment gateway. However, if you’d like to add an online store, or your business is solely online, a payment gateway is a must.

Confirming PCI compliance.

Offering secure online payment processing is paramount. One way to assure security compliance is to confirm that your processing system is PCI-compliant. In 2004, the major credit card companies, including Mastercard, Visa, and American Express, created the Payment Card Industry Security Standards Council (PCI SSC), which in turn established the Payment Card Industry Data Security Standards (PCI). These security standards include rules on fraud prevention, chargebacks, and identity theft, helping merchants keep their customers’ payment information secure.

Any business offering credit or debit card payments (including for online purchasing) must comply with the PCI standards. These standards apply not only to the transmission of payment information but also to its storage. PCI mandates ongoing compliance, as the protection of payment information is not a one-time event. By offering PCI-compliant payment processing, not only do you reduce the risk of payment fraud, but you also improve your credibility as a business by ensuring the security of online payments.

Additional security measures.

PCI compliance is not the only security measure merchants should consider when processing online payments. To bolster protection against payment fraud, business owners should also explore payment processing options that include authentication, encryption, and address verification systems.

The benefits of authentication.

Authentication is another security measure critical to offering safe online payments. Authentication verifies the consumer’s payment credentials. Some examples of authentication include passwords, PIN numbers, security questions, or facial recognition.

To authenticate a credit card purchase, the following four entities are involved: the merchant, the merchant account, the network processor, and the card’s issuer. The credit or debit card issuer, whether it’s American Express or Citibank, provides the final approval (or authentication) for the purchase.

Once the authorization is received, then the merchant account receives the communication from the processor, allowing the acceptance of the payment and the transfer of funds into the merchant’s operating account. Although this approval method seems complex (hint: it is), the entire authentication process only takes a matter of seconds.

Strong authentication measures can help withstand hacking attempts, allowing consumers to be verified. Authentications typically begin at the consumer level; however, businesses should implement payment processing systems that identify, confirm, and approve (or deny) transactions, allowing consumers to complete purchases safely while reducing the time it takes for the merchant to receive funds.

Point-to-point encryption.

After authentication is verified, encryption takes over as another security measure. Encryption protects payment data during its transmission. For example, when a consumer purchases an item with a credit card, the payment information is scrambled or masked by a computer algorithm, making it difficult to hack or skim financial data. The business owner, the merchant account, and the bank all have decryption keys, allowing the “unlocking” of the data for processing. Using a payment system that encrypts data is another affordable way to protect customers’ payment information.

When talking about encryption, merchants may also see tokenization options. Unlike encryption, which scrambles the cardholder’s financial data to make it unreadable, tokenization removes the card’s data and replaces it with a randomly generated token.

For example, if the credit card number is 9999 8888 7777 6666, this number would be replaced with a token, such as JT846F09J5LK76. These automatically generated numbers cannot be reverse engineered to determine the original credit card number, thus making it difficult for hackers to steal.
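The tokenization flow described above, as an added Python example that is not code from this page or from any payment provider. The `TokenVault` class, the `merchant_order_record` helper and the `caller_is_processor` flag are hypothetical names, and the in-memory dictionaries stand in for a separate, hardened vault service.

```python
import secrets
import string

TOKEN_ALPHABET = string.ascii_uppercase + string.digits
TOKEN_LENGTH = 14  # same length as the sample token in the text


class TokenVault:
    """Constructed in-memory stand-in for a payment provider's token vault."""

    def __init__(self):
        # A real vault stores card numbers encrypted, outside the merchant's systems.
        self._pan_by_token = {}
        self._token_by_pan = {}

    @staticmethod
    def _normalize(card_number):
        pan = card_number.replace(" ", "").replace("-", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("card number must be 13-19 digits")
        return pan

    def tokenize(self, card_number):
        pan = self._normalize(card_number)
        if pan in self._token_by_pan:  # a returning card keeps its token
            return self._token_by_pan[pan]
        while True:
            # Drawn from the OS CSPRNG, not computed from the card number,
            # so there is no key or algorithm that maps the token back.
            token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(TOKEN_LENGTH))
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token, caller_is_processor):
        # Only the processor role may turn a token back into a card number.
        if not caller_is_processor:
            raise PermissionError("caller may not detokenize")
        return self._pan_by_token[token]  # KeyError for an unknown token


def merchant_order_record(vault, order_id, card_number):
    """What the merchant's own database keeps: a token and the last four digits."""
    token = vault.tokenize(card_number)
    last4 = TokenVault._normalize(card_number)[-4:]
    return {"order_id": order_id, "card_token": token, "card_last4": last4}
```

The merchant's record never contains the card number, so a breach of the order database exposes only tokens that are useless without access to the vault.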

Address verification systems.

Finally, online merchants should implement address verification systems (AVS) into their payment processing systems. Online purchases can often be more vulnerable to hackers because the cardholder isn’t purchasing an item in person, making it more challenging to determine identity.

An AVS system confirms the cardholder’s billing address with the issuing bank, adding another layer of security. If the wrong billing address populates on the check-out screen, the AVS will provide an alert.

Additionally, AVS systems are often used in conjunction with the cardholder’s CVV identification number, confirming that the consumer and the cardholder are one. Typically, a fraudster wouldn’t have access to the CVV number, only the card number itself. If the incorrect CVV number is entered upon purchase, the AVS system will again provide an alert.

Hire a provider who understands online payments.

Offering a secure online payment processing platform is critical to the success of your business. By teaming up with an experienced, reputable e-commerce partner, you can be confident that you’re offering your customers secure online payments, boosting your reputation as well as your customers’ experience.

At North, we offer low processing rates with no hidden fees, don’t require long-term contracts, and provide your customers with the frictionless transactions that they’ve come to expect. Whether you’re looking to expand your current online offerings or enter the digital space for the first time, we have the technology you need to accept payments safely and seamlessly. We’ll even help you customize your payment processing to your specific business. To set up a consultation, contact us here or give us a call at 877.840.1952.