May 26, 2014

Picking an Online Payment Processor: Security & Risk

Posted by 2Checkout | Category: International

With massive data breaches hitting such major corporations as Target and eBay, online security has become one of the most important facets of running an online business. After all, an online business can only succeed if it can make its visitors feel comfortable enough to submit their credit card information online. With this in mind, security should play a major role in choosing an online payment processor, and rightfully so: up to 1 in 4 consumers have been victims of fraud in the past five years.

Online payment processors directly handle, store, and manage consumers’ financial information once orders have been submitted. So how can you be sure your online payment processor’s security is up to par?

The very first thing merchants should look for in their online payment processor is PCI compliance. The Payment Card Industry Data Security Standards (PCI-DSS) ensure uniformity in consumer data protection against fraud and identity theft. Any organization that accepts cards (including debit cards, credit cards, and any other form of private card payment) is required to adhere to these standards, which include:

  • Install and maintain a firewall configuration to protect data
  • Use non-vendor-supplied system passwords
  • Encrypt the transmission of cardholder data
  • Protect all systems against malware
  • Restrict access to cardholder data within the business to individuals with a need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

Online payment processors that are PCI-compliant are responsible for storing and protecting customers’ financial data, which greatly reduces merchants’ liability. If a merchant chooses to do business with a non-compliant online payment processor, the merchant must achieve PCI compliance on his or her own.

In addition to PCI compliance, merchants should look for an online payment processor that uses advanced fraud risk mitigation and prevention tactics.

There are many ways to identify fraudulent activity; for instance, 2Checkout utilizes both a fraud network and a sophisticated set of algorithms to double-check patterns and flag suspicious activity. The fraud network allows payment processors to monitor issuing banks, credit card associations, consumers, and merchants. If fraud-detecting algorithms identify a potentially negative action or card user, the online payment processor can then check with the individuals associated with the fraud network to confirm fraudulent activities.

Interested in learning more about choosing an online payment processor? Check out our free guide, How to Choose an Online Payment Processor!