Fraud Prevention UK-A4size-pg1 by nzj18474


									Online Fraud Prevention
In today’s business economy, fraud and security issues can have a serious impact
on a merchant’s business. It is very important that you know how to securely manage
and process online payments. Elavon is committed to helping its customers protect
cardholder data, and has prepared this document as a guideline for your business.

Stay Current With Industry Standards
You should always read your Payment Service Provider (PSP) agreement thoroughly to check
that it allows for internet transactions, before processing payments. Check that both your
Internet Service Provider (ISP) and PSP offer up-to-date fraud checks. Always test your security
features and fraud measures within your payment system before going live with any transac-
tion processing. You will be held completely accountable should a transaction prove to be
fraudulent. By taking the correct precautions to protect your business against fraud, you will
help reduce overall loss of revenue and chargebacks. Additionally, you will safeguard your
reputation with customers and avoid the potential fees and fines associated with a data
security breach.

Security measures
Using 3D Secure
3D Secure is a security process that helps secure merchant transactions, and has also
helped to address consumer concerns about online shopping security.
                                                                                                   Watch Out For:
3D Secure (MasterCard Secure Code and Verified by VISA) is a global e-commerce solution
that authenticates the identity of the cardholder through the use of a unique personal code.       • Multiple transactions
3D Secure verifies card authorisations by validating the cardholder’s identity, once this is
                                                                                                     from the same card
established 3D Secure will then send through a response indicating that you may proceed
with the transaction. This security measure has taken shopping and consumer confidence to
                                                                                                   • Multiple transactions
a new level.                                                                                         using different
                                                                                                     numbers from the
Using Card Verification Numbers                                                                      same IP address

Card Verification Number known as                                                                  • Multiple transactions
CVC2 (MasterCard) / CVV2 (Visa) is                                                                   where all the card
the 3 digit security number imprinted                                                                numbers begin with
                                                                                                     the same 6 digits
on the back of a card. This code helps
to validate the following:                                                                         • Transactions/orders
 – The customer’s card is a genuine card                                                             from other countries
 – The card account is legitimate                                                                    which may appear
As part of the authorisation process, you should request the 3 digit security number
(on the back of the card) from the customer. This number is then submitted                         • Different Shipping/
for electronic authorisation. You should never store the CVC2/CVV2                                   Billing Addresses
data and should delete it once used. CVV2 is required in a card not present

Some of the important benefits for merchants using 3D Secure and CVC2/CVV2 are:

   • Higher level of fraud protection

   • Reduced chargebacks

   • Increased consumer confidence
Security Compliance
The Payment Card Industry Data Security Standards (PCI DSS)

The PCI DSS standards were introduced by the Card Schemes, as a means of standardising the level of security within the
card payment industry. PCI DSS helps to reduce losses due to credit and debit card fraud. These standards are mandatory
for all merchants and organisations that store, process or transmit cardholder data.

To comply, you must ensure that appropriate technical and organisational security measures are in place to avoid
possible data hacking or credit card fraud. PCI Standards apply to you if you process credit card details. If you are
using a PSP and do not have access to, or store cardholder data, you will not be affected by these rules. However,
you will need to be security assessed by an independent and certified vendor.

PCI DSS Security Criteria

 Level                Criteria                                                                                     Validation Requirements

                    Any merchant - regardless of acceptance channel -
     1              processing over 6,000,000 Visa/MasterCard                                                        Annual on-site security audit
                    transactions per year, has suffered from a data                                                  – and –
                    compromise , or identified by another payment                                                    Quarterly network scan
                    card brand as Level 1

     2              Any merchant processing 1,000,000 to                                                             Annual self-assessment questionnaire
                    6,000,000 Visa/MasterCard transactions                                                           – and –
                    per year
                                                                                                                     Quarterly network scan

     3              Any e-commerce merchant processing 20,000                                                        Annual self-assessment questionnaire
                    but less than 1,000,000 Visa/MasterCard                                                          – and –
                    transactions per year                                                                            Quarterly network scan

     4              Any merchant processing less than 20,000                                                         Annual self-assessment questionnaire
                    e-commerce transactions per year and all
                    other merchants processing up to 1,000,000                                                       – and –
                    transactions per year, regardless of acceptance                                                  Quarterly network scan recommended

For further information, or to speak to a fraud team specialist, please contact Elavon’s Customer
Service Centre or visit

 Elavon Financial Services Limited
 Registered in Ireland – Number 418442. Registered Office: Block E, 1st Floor, Cherrywood Business Park, Loughlinstown, Co. Dublin,
 Ireland. Directors: Robert Abele (USA), John Collins, Terrance Dolan (USA), Pamela Joseph (USA), Declan Lynch, John McNally, Malcolm
 Towlson. Elavon Financial Services Limited, trading as Elavon Merchant Services, is regulated by the Financial Regulator. 0066E

To top