Online sales are riding a wave of growth, and discussions about the most secure payment method are now more relevant than ever. Regardless of which side of the transaction you’re on, merchant or shopper, you’ve probably found yourself wondering “Are online payments safe?”
A whopping $630 billion is expected to be exchanged in eCommerce online transactions in the US alone in 2020, but shoppers and merchants still face risks when entering into these payments, which explains why both parties are so interested in the safest way to pay online.
Why security matters in online payments
What are the risks? Security breaches are the top reason merchants and shoppers still debate what constitutes a secure online payment.
With news of hacked accounts, stolen identities, data breaches, and card fraud more prevalent than ever in today’s media landscape, merchants and payment providers have doubled down on the security of their digital environments.
Regulations to enforce online payments security
If you’re acting as an online merchant in any of the global markets, there are a number of regulations you should follow to ensure online payment security.
Payment Card Security Standards
The PCI DSS (Payment Card Industry Data Security Standard) is one such regulation, enforced by the card networks, such as Visa and Mastercard.
The standard imposes 12 general data security requirements, aimed at creating a secure infrastructure environment for merchants who want to achieve card payment compliance. There are four levels of PCI compliance, depending on the volume of card transactions processed per year.
If your online shop is not yet aligned to the PCI DSS, read our guide on how to achieve PCI compliance.
Data protection regulations
New data protection laws have also brought forward novel requirements that payment processors and merchants need to comply with, in an effort to protect shoppers’ personal and payment data. In Europe, for example, the GDPR (General Data Protection Regulation) came into effect in 2018, strengthening the requirements for how online payments are processed and expanding the rights of individuals. For a merchant selling in the European Union, compliance with the GDPR involves privacy impact assessments, more transparency in cases of data breaches, and appointing dedicated Data Protection Officers.
Back in the US, new regional privacy regulations, such as the CCPA (California Consumer Privacy Act), are also attempting to bring order to the privacy arena, and could potentially lead to a more secure, predictable payment environment.
While merchants may worry about the increased costs of aligning their operations to be compliant, or about payment friction, it is hoped that these privacy regulations will ultimately help reinforce a more secure setup for transactions of data and funds.
The Payment Services Directive 2
Payment service directives, such as the PSD2 introduced in 2018 in Europe, are another type of regulation that aims to make online payments secure. The Payment Services Directive 2 implemented EU payment regulations to secure transactions, through a mandatory Strong Customer Authentication (SCA) mechanism and new rules that govern third-party providers’ access to account information and the treatment of recurring transactions.
PSD2 also enforced an additional security layer for card-not-present transactions, 3D Secure version 2, an update to the previous 3D Secure flows. This protocol allows the issuing bank to use a wider range of transaction data points to run a risk analysis, for transactions over 30 EUR. The new 3DS2 addresses shoppers’ and merchants’ doubts about the safety of online transactions, and its introduction of frictionless authentication for payments can even improve the user experience on eCommerce sites.
Which online payments are secure?
In spite of the ever-improving payments landscape, parties involved in an online transaction may still be burdened by security doubts: Is PayPal safe? Is Google Pay safe? What is the safest way to pay online? Knowing how to pay online securely can be a real challenge.
Let’s go over the most popular payment methods used in eCommerce today, to evaluate how they stack up in terms of security.
Cards
Cards are one of the safest payment methods available online, given that their usage is regulated by payment compliance standards, such as the 3D Secure flows already discussed. Credit cards, in particular, pose even smaller risks for shoppers, as the money used for the purchase, which the shopper pays back later, comes from the issuing bank.
In the US, credit card users are additionally protected by the Fair Credit Billing Act, which stipulates that shoppers have up to 60 days to contest billing charges for amounts over $50, and limits the cardholder’s liability to $50 in case of card loss or theft.
Use of debit cards for online shopping also falls under the protection of 3DS standards, which means one-time passwords – sent via text message or email – are employed for purchase authentication.
Debit cards and credit cards alike are protected by the Zero Liability Protection programs from Visa and Mastercard. These programs stipulate that cardholders are not responsible for unauthorized charges, yet another factor that makes cards safe for online payments.
eWallets
Shoppers who don’t want to use cards online have the option to use third-party services that act as a middleman in the transaction, such as eWallets.
Users can opt for staged wallets, like the popular PayPal, a category leader in sending and receiving money online since its launch in 2002, or for pass-through wallets like Google Pay or Apple Pay.
These services tend to be secure by design, as they don’t share the shopper’s payment data (card or bank account information) with the merchant. The user doesn’t distribute their card information on the sites where they’re shopping; instead, only the third-party service’s account information is used, and each transaction is carried out with unique, randomly generated codes in place of the real card details.
Additionally, many of these services include money-back or buyer protection programs, which further enhance the security of the user’s transaction and payment data.
Direct debit
Direct debits are an option for shoppers paying recurring sums, with the amounts drawn automatically from their bank accounts. In general, direct debit is considered a safe online payment option, as the setup/authorization stage includes a number of safeguards and verifications. In some jurisdictions, regulations add extra security to direct debits.
EU payment regulations, for example, dictate that a shopper can request a refund of a direct debit within eight weeks.
Wire transfers
This online payment method is still employed by some merchants and involves the shopper sending money directly from their bank account to a bank account provided by the merchant. The security of wire transfers depends on how both banks’ security environments are set up. Wire transfers can be subject to fraud, especially in cases where the identity of the merchant isn’t easily verifiable.
How to make online payments secure as a merchant
As a merchant, there are a number of tactics you can employ to ensure the security of your payment setup. Besides reminding consumers of the benefits of online payments, teach them how to make online payments safely and tell them what your brand is doing in this field.
Make users feel safe on your site/in your app
Show the signals that let shoppers know you’re a seller who cares about security. Use an SSL/TLS certificate, which makes the browser display the padlock icon in the address bar, a sign that shoppers associate with secure transactions, and feature payment method icons your users recognize and trust, like Visa, Mastercard, or PayPal.
Keep users in the loop
Communicating with users on the status of their order, shipping details, and past orders makes the whole online payment process more transparent and more resilient in the face of fraud attempts.
Review your orders
To keep control of your orders, review them periodically. This way you will uncover any suspicious activity or fraud attempts against your systems.
Ensure payment compliance
Take all the steps needed to ensure payment compliance with the standards and regulations in place in the markets you’re selling in. Using a professional payment service provider can reduce the effort compliance requires.
Use 3D Secure gateways
Not only does 3D Secure provide an extra layer of security through two-factor authentication, it also protects merchants from unwanted chargebacks.
Enable an Address Verification System (AVS)
Talk to your payment provider about activating AVS for your eShop. Because criminals don’t normally have access to the billing addresses of stolen or cloned cards, this extra verification step can result in fewer successful fraud attempts.
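The periodic order review and the AVS check described above can be turned into a simple screening rule set. The following is an added example, not code from the original article or from any payment provider: it assumes the merchant can export orders as records carrying a simplified AVS result and a 3D Secure authentication flag (the field names and the `match`/`no_match`/`unavailable` values are constructed stand-ins for whatever the real provider returns), and it uses the 30 EUR figure from the article's PSD2 discussion as a configurable threshold.

```python
"""Screen exported orders for the fraud signals a merchant should review.

Added example, not part of the original article. Field names and AVS values
are constructed; a real payment provider's export will differ.
"""

# Constructed sample export: four orders, two of which deserve a second look.
SAMPLE_ORDERS = [
    # Low-value order, AVS matched: nothing to flag.
    {"order_id": "A100", "amount_eur": 18.50,
     "avs_result": "match", "three_ds_authenticated": False},
    # Above the threshold but authenticated with 3D Secure, AVS matched.
    {"order_id": "A101", "amount_eur": 120.00,
     "avs_result": "match", "three_ds_authenticated": True},
    # Above the threshold, no 3D Secure, and the billing address did not match.
    {"order_id": "A102", "amount_eur": 85.00,
     "avs_result": "no_match", "three_ds_authenticated": False},
    # AVS could not be performed (some issuers don't support it): not a
    # mismatch, but the address is unverified and worth a look.
    {"order_id": "A103", "amount_eur": 45.00,
     "avs_result": "unavailable", "three_ds_authenticated": True},
]

# Threshold taken from the article's PSD2 section; assumed to be configurable.
DEFAULT_SCA_THRESHOLD_EUR = 30.0


def review_order(order, sca_threshold_eur=DEFAULT_SCA_THRESHOLD_EUR):
    """Return the list of reason codes that make this order worth manual review.

    An empty list means no signal fired. Reason codes are constructed for
    this example; a real system would map them to its own case categories.
    """
    reasons = []

    # AVS: the billing address typed at checkout is compared by the issuer
    # with the cardholder's address on file. A mismatch is the strongest
    # signal here; "unavailable" is treated as unverified, not as fraud.
    avs = order.get("avs_result", "unavailable")
    if avs == "no_match":
        reasons.append("avs_mismatch")
    elif avs != "match":
        reasons.append("avs_unverified")

    # Amounts above the low-value threshold are expected to have gone through
    # 3D Secure; a high-value order that skipped it is exposed to chargebacks.
    if order["amount_eur"] > sca_threshold_eur and not order["three_ds_authenticated"]:
        reasons.append("no_sca_above_threshold")

    return reasons


def review_orders(orders, sca_threshold_eur=DEFAULT_SCA_THRESHOLD_EUR):
    """Map order_id -> reasons for every order that raised at least one signal."""
    flagged = {}
    for order in orders:
        reasons = review_order(order, sca_threshold_eur)
        if reasons:
            flagged[order["order_id"]] = reasons
    return flagged


if __name__ == "__main__":
    for order_id, reasons in review_orders(SAMPLE_ORDERS).items():
        print(f"{order_id}: hold for review ({', '.join(reasons)})")
```

Run on the constructed export, the script holds A102 (AVS mismatch plus a high-value order without 3D Secure) and A103 (address could not be verified) while letting the two clean orders through; the point of the `unavailable` branch is that an absent AVS answer should not be counted as a mismatch, or legitimate orders from issuers without AVS support would be flagged as fraud.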
The security of online payments may still be a concern for merchants and shoppers, but as we’ve discussed, there are many mechanisms in place that have brought great developments in the field in recent years.
Though the number of security measures that have to be implemented may seem overwhelming, reliable partners such as banks or payment service providers can take a lot of this complexity out of the merchant’s hands.
Start by understanding what your setup is currently missing and work your way towards gradually reinforcing your online security setup.