for E-commerce Merchants to

Protect Payments

5 BEST PRACTICE TIPS

So you're selling your products and services online? GREAT

Just make sure the payment data you're collecting doesn't get compromised, or your profits will!

Deploy SSL (Secure Socket Layer)

SSL is a protocol used on the web for:

Encrypting website data so that data sent from the browser to the server and back is protected

Authenticating your website so visitors know you are whoyou say you are

HTTPS = HTTP with SSL

TIP 1

Deploy intrusion-detection systems/intrusion-prevention systems (IDS/IPS)

Train technical staff to properly manage security including firewalls, digital certificates, and SSL encryption

Deploy a firewall solution to protect your applications, databases and web servers

Protect your IT environmentTIP 2

Consider using 3D Secure (Verified by Visa, MasterCard SecureCode) if you process risky transactions. It is mandatory in some countries, highly recommended in others, and enables fraud liability shift to the issuing banks.

(you will not be liable in case of fraud, your customer’s bank will be)

Request Credit Verification Value (CVV) information in addition to Primary Account Number and expiration date

Authenticate your customersTIP 3

Deploy fraud management solutionsTIP 4

Create more complex rules and utilize new innovative solutions

- Device identification (device fingerprinting)

- Statistical models

- Sophisticated rules engine, combining industry white/black lists, with custom rules to match your business and statistical models

Create simple fraud rules

- Create exception rules for transactions if there is no Address Verification Service (AVS) match

- Use white/black lists

- Determine if you should reject transactions from a defined BIN range (specific card brands) or originating from certain IP location address/range (specific countries)

Protect sensitive data if you need to store itTIP 5

If you store customer profile data to enable an easier checkout process

- Do not store the credit card number, instead request a token from your Payment Service Provider

- Only display the last 4 digits of the card in the customer profile, not the full card/token

- Never store the Credit Verification Value – ask your customer to enter their CVV when they complete the check-out process

However, you still need to take extra measures to protect your customers’ data and to stay compliant with the PCI-DSS.

An easy way to secure sensitive customer data is to use a Payment Gateway offering a Hosted Payment Page or API with direct post capabilities to capture payment data and process the payment.

Final Thoughts

Thank you for viewing this presentation!

For more information:

Call 1.866.853.3845Email sales@merchantlink.comVisit www.merchantlink.comEngage www.merchantlink.com/blog