When setting up an eCommerce solution for your business, security is the most critical component. It’s well documented that selling products and service online can increase revenue, and in today's growing market, having an eCommerce solution is a great way to grow your business in a cost effective manner. It’s also becoming imperative to have an ecommerce presence if you want to stay competitive. That being the case, how do you set up a secure eCommerce solution that protects not only your business against fraud, but also your valued customers.
Customer credit card security is drastically important if you want to maintain your customer base, and grow your customer loyalty. The first major vulnerability for an eCommerce solution is the checkout page where the customer’s credit card information is collection and transmitted for both pre-auth and post-auth. At an absolute minimum you need to have your checkout page hosted on a secure server that is SSL certified. This will show when your customers click to check out, and the URL address changes to HTTPS:// This illustrates to the customer that they are now in a secure location, where their credit card and personal information is being kept safe from fraudsters.
A certified SSL comes with a certificate that customers can validate the encryption services and security of your website. Securing your checkout page limits the risk of your customer’s credit card information being stolen by identity thieves and therefor limits your liability. It will also a pre-requisite when applying for any merchant account with a merchant services provider. Unless you are choosing to have a hosted pay page, an eCommerce solution requires your website to be fully secure.
A second and an increasingly apparent vulnerability for eCommerce solutions are credit card validation procedures. It is a good idea to validate customer credit card information with as many fields as possible. Although, you want your check out experience to be thorough to avoid any fraud, or misrepresented information, you aso want the check out experience to be painless and fast. There is a fine line between too many required fields, and not enough. I have outlined a few basic and fundamental fields that should be included:
- Billing Address
- Postal Code
- Credit Card Number
- Expiration Date
- CVV Code
- Email Address
If you do not capture the CVV code at the time of checkout you waive your rights to fight charge backs initiated by the customer. Additionally, if you do not validate the credit card credentials you open your business up to liability from credit card fraudster, whom can easily take credit card numbers and post fake address and required information without the need for the CVV code.
It is a good idea to choose a trusted merchant service provider that has tools to help limit your exposure to credit card fraudsters. While you begin to grow your online business, it is always important to monitor all your online transactions through your eCommerce solution as to limit any questionable activity, and remain always aware of fraudulant transactions.
Fraud protection tools are cheap insurance against credit card fraudsters. The right tools can make the difference between a successful eCommerce solution and having chargeback, and credit card liability issues. Fraud attempts can be eliminated with a rules based fraud detection application that examines each transaction before it is processed. Here are some examples of the rules that can be set up.
- If a daily, weekly or monthly number of transactions or total dollar amount is exceeded. Flag transaction for review or auto decline
- If a user tries a credit card X number of times, flag or decline
- If the first XXX digits of a credit card are attempted, flag or decline
- If daily, weekly or monthly number of transactions or total dollar amount attempted from a single IP address or block of IP addresses, flag or decline
- Ban a single IP address or blocks of IP addresses
- Ban specific credit cards
When choosing the right eCommerce solution, contact a merchant services provider who is very familiar with that industry. Gain insight and information that you require before making the decision. Also, make sure your customers know the effort you have made to protect them and their credit card information. Post your security prevention methods at the bottom of your website in the footer. By taking the appropriate steps to protect your customers you are laying the foundation for a very successful eCommerce solution and online presence.