According to a report by the Office for National Statistics (ONS), there were an estimated 4.5 million fraud offences in England and Wales between March 2021 and March 2022, and 61% of these were cyber-related.

And the problem is getting worse, with over $41 billion (around £33 billion) lost every year to online payment fraud. All parties—including consumers—need to consider the role that they play and ensure they stay safe and secure, but this is especially true for merchants, who risk losing both money and reputation in an increasingly security-conscious world.

From security & compliance to online payment processing, there are many ways that merchants can reduce the risk for themselves and their customers. This guide will address topics such as:

  • What is payment tokenisation?
  • How does PSD2 compliance work?
  • How does 3D Secure keep customers safe?
  • What are the most secure online payment methods?

PSD2 compliance

The Payment Service Providers Directive (PSD) was first enacted by the European Union (EU) in 2007 and then amended six years later, creating PSD2.

It is a regulatory framework designed to keep EU payments secure, and it applies to all companies doing business in the EU, as well as the UK, where it was enacted into law. To ensure complete PSD2 compliance, companies must bolster their secure payment systems and abide by certain requirements and recommendations:

  • Multi-factor security authentication: Customers must use at least two factors of authentication to log in. This often includes a password and a code sent via text or email. It can also include biometric data and security codes.
  • Open API: Specific third-party providers (TPPs) must be allowed access to consumer data when that access is granted by the customer. For instance, a bank may seek access to a customer’s account at another bank so it can provide its own services.
  • Improved transparency: Businesses are encouraged to improve transparency (especially regarding transaction fees, services, and terms and conditions) to make their services clearer and more user-friendly.
  • Complaints and escalation process: Customer complaints must be dealt with in a timely manner and certain incidents should be escalated or reported (such as security breaches).
  • Surcharge ban: Certain surcharges are not allowed in certain circumstances, such as credit/debit card fees when providing food, travel, delivery services, and ticketing services.

There’s a lot to consider, but with Pixxles, compliance is always guaranteed. We adopt the highest security standards and meet the exacting regulatory demands required of UK-based and EU-operating companies.

3D Secure

3D Secure (3DS) provides an extra layer of payment security. It stands for “3 domains” and refers to the involvement of a card issuer, merchant, and secure infrastructure platform. If activated, 3DS may appear when a user makes a card payment. They will be sent to a secure 3DS page while a PIN is sent to their phone.

The user can then enter the PIN into the required field, confirming that they are the card owner.

3DS doesn’t just benefit consumers. The extra protection also keeps merchants safe from fraudulent payments, thus reducing the risk of future chargebacks and other issues.

  • Developed by Visa and licensed to Mastercard
  • Includes Visa Secure from Visa and SecureCode from Mastercard
  • Available on most cards issued in the United Kingdom.

It’s worth noting that this secure online payment feature only activates if the issuing bank highlights a security risk. It is also quick, fluid, and seamless enough not to slow customers down too much as they complete their purchases.

Payment tokenisation

When sensitive payment data is processed, it is replaced by a series of randomly generated characters. That way, if there is a breach, the real data won’t be exposed. This process is known as payment tokenisation.

It begins when the payment details are collected, after which the token is generated. This token is then sent to the payment processor where it is encrypted and authorised.

  • Tokens consist of randomly generated numbers and letters
  • Helps to reduce fraud by 26% according to stats released by Visa
  • Quick, secure, and convenient
  • The process occurs in real-time
  • Commonly seen with mobile wallets, contactless payments, and recurring payments
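
The tokenisation flow described above, as an added example (not code from Pixxles or any card scheme): the merchant's records hold only a random token, and only the vault can map it back to the card number. `TokenVault`, `merchant_checkout`, the `tok_` prefix, the in-memory storage and the sample card number are assumptions constructed for illustration.

```python
import secrets
import string

TOKEN_ALPHABET = string.ascii_letters + string.digits


class TokenVault:
    """Hypothetical in-memory vault standing in for the tokenisation service."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenise(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        # Simple sanity check only (assumption); not full card validation.
        if not (pan.isdigit() and 12 <= len(pan) <= 19):
            raise ValueError("not a card number")
        # Reuse the token for a known card so recurring payments share one value.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random letters and digits: the token has no mathematical link to the PAN.
            token = "tok_" + "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(24))
            if token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenise(self, token: str) -> str:
        # Only the vault holds the mapping back to the real card number.
        if token not in self._token_to_pan:
            raise KeyError("unknown token")
        return self._token_to_pan[token]


def merchant_checkout(vault, pan, amount_pence, orders):
    """Merchant side: swap the PAN for a token before anything is stored."""
    order = {"token": vault.tokenise(pan), "amount_pence": amount_pence}
    orders.append(order)
    return order


def breach_exposes_pan(orders, pan):
    """Model a dump of the merchant's order table and look for the real PAN."""
    return pan.replace(" ", "") in repr(orders)
```
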

Card scheme compliance

If your business is card scheme compliant, it means that you abide by all the rules and regulations demanded by a card scheme, such as the networks used by Mastercard and Visa.

There’s a lot to consider, but at Pixxles, we can help you with all of it. Our in-house compliance team will perform a website compliance review to ensure that you meet all relevant card scheme rules and help you to fix any issues that prevent you from doing so.

This review is conducted before you begin accepting payments and is used to ensure complete readiness and prevent any issues from appearing down the line.

Ask for the CVV number

The card verification value/code (CVV/CVC) is a 3-digit code found on the back of most credit/debit cards (American Express cards use 4-digit numbers located on the front of the card).

A secure online payment network should always request a CVV/CVC code. It confirms that the customer making the payment is in possession of the card.

How Pixxles can help to keep merchants secure

At Pixxles, we employ a number of security protocols and use the latest technology to ensure that both the customer making the transaction and the merchant receiving it are protected.

Our secure online payment systems are some of the most advanced on the market and we have the means and experience to help you with compliance.

Visit our Why Pixxles page to learn more and discover what Pixxles can do for your business.

Online payment security for merchants FAQs

What is the most secure method of online payment?

If a secure online payment processing solution is used, all payment methods are secure. However, credit cards are usually held in the highest regard and may provide additional layers of security. The payments are encrypted and sent for authorisation, thus reducing the risk of interception/theft while also minimising the chances of fraudulent use.

From the consumer’s perspective, many credit card providers also cover any losses involved with a fraudulent transaction.

How can you assess the security of online payments?

To make sure your transactions are secure and your customers are protected, secure your site with an SSL certificate, keep all third-party apps/plugins/widgets updated, always ask for a CVC/CVV number, and work with a secure online payment processor like Pixxles, one that can keep you and your customers safe while assisting with compliance.

What are the main security risks when handling payments?

Outdated software, employee error, improperly stored information, and unsecure networks/sites are some of the biggest security risks. You can safeguard against most of these risks by working with secure payment processing solutions, remaining compliant, updating your systems regularly, and educating consumers and employees about best practices.

Which payment method is least secure online?

Online payments are as secure as the networks they use, and most networks are secure these days. However, if you take those payments offline, as with paper cheques and money orders, you circumvent those secure processes and introduce risks such as theft and loss. For this reason, many e-commerce companies no longer accept cheques and money orders.