Credit Card Processing Security

Merchant Warehouse |

November 19, 2010

If you are a merchant processing credit card transactions, you have a number of security issues that you need to be aware of for the safety of your business and your customers. In today’s alphabet soup of acronyms, there are two main ones concerning the security of credit card payments to be aware of. These acronyms are “AVS” and “CVV.” Both of these help credit card payments to be completed safely – in person, by phone or mail, or over the Internet – and any merchant accepting credit cards in one or more of these ways should require both forms of verification.

The “AVS” (address verification service) is used to determine that the address provided by the customer matches the address associated with the credit card account. This helps to generate confidence that the individual who is using the credit card is the owner of it, as well. While the AVS is not required to process the credit card payment, once the payment is received the processor will send a response back with specific details of how much of the address that is given matches the address on the credit card.

The “CVV” (card verification value) is sometimes referred to as the “CVV-2″ and is usually a four-digit number found on the back of American Express, MasterCard, and Visa cards. You can find this code on the cards but not on any statements that you receive. This is a security measure incase someone happens to find your statement in the trash; they won’t have the ability to use your credit card to make purchases. Customers have to enter the CVV code upon request and that’s a strong indication that they are the card owner. Most credit card fraud online occurs when a thief has found a discarded receipt or a thrown out credit card statement, but by requiring the CVV code, the merchant can eliminate that type of fraud. If a CVV number is entered and is incorrect, the credit card issuer will decline the transaction.


Other Denials, Other Risks

Denial of a credit card does not necessarily have to do with the address being incorrect. It is actually up to the merchant to decide the outcome of the transaction. A merchant can deny a sale or require the purchaser to submit additional information in order to prove their identity. If the opportunity arises, it’s in the best interest of the purchaser, of course, to reveal the correct information to the merchant.

When processing credit cards, it is usually required that the customer’s information be transferred about four times, which is an indicator that there are four instances in which a thief could gain access to the cardholder’s detailed information when a customer sends a merchant their credit card information via the Internet. In fact, the increasing use of the Internet for ecommerce has added another layer of difficulty to the verification process. Merchants that have web-based businesses are solely responsible for fraudulent transactions that occur on a customer’s account. Having a secure server and a valid security certificate with the https protocol (“s” for “secure”) will protect and encrypt private information that you receive from customers and transmit with their implicit permission.

The Basics Still Count
The best security is thinking people. If you are a retail store, you already have security precautions in place for checking ID, verifying signatures and so forth. The credit card associations and the reputable merchant account providers all help merchants by describing ways to conduct business more safely. Some of the security measures are even mandatory, and you can lose your merchant account by failing to enforce them.

Make sure to keep training your people in the changing ways of criminals and the new kinds of fraud that are popping up all over the world. Ecommerce businesses, in particular, need to focus on PC security, keep their records safe and backed up, guard all the passwords, use anti-virus software and do everything else necessary to keep a healthy computer system. That is where your business resides these days, on hard drives, so PC maintenance actually becomes another part of the security formula.

Special Online Security Measures
You will want to be sure that the credit card transaction processing software you use for your business is secure by using a reputable processing company. As customer information is moved in and out of a database through the transaction process, the security must be top of the line, and choosing a solid company that offers encrypted software for this part of the process ensures this.

Finally, when customer credit card information is viewed or handled by you or your staff, it’s important that you ensure security at this stage as well, employing the steps outlined above as well as any your account provider recommends. In all aspects of your business, you want the reassurance that the ways you process your transactions are safe and not just for you, but the customers. Otherwise you might find your business, well – out of business!