Christina Lavingia is the content marketing manager at PayJunction, which integrates with CS-Cart. As a PCI Level 1 Merchant Account Provider and Payment Gateway, PayJunction eliminates one of your bills and secures your e-commerce payments through tokenization, remote signature capture, AVS and CVV. PayJunction is a pioneer in paperless payment processing and provides its customers with one free EMV-ready terminal to accept secure transactions in-person and online.
If you’re a responsible business owner, you likely take precautionary measures to protect your business. These may include locking up your retail location at the end of the day, restricting cash register access to certain employees, and responsibly managing all paper files and documents.
It can be easy to overlook (especially as a new business), but securing your customers’ payment information should be at the top of your priority list. After all, even one data breach could cost you enough business to shut down operations. This is true for in-store and e-commerce payments.
If you run an e-commerce store, there are numerous security protocols and best practices you can follow to ensure you’re operating a safe cardholder environment and protecting your customers. Here are four tips to do just that:
Run AVS and CVV
Address Verification System (AVS) and Card Verification Value (CVV) are two different ways to verify card-not-present payments. AVS requests that your customer provide the billing address associated with the card. CVV requests the three-digit code on the back of the card (for Visa, MasterCard and Discover) or the four-digit code on the front of Amex cards to verify that the customer has physical possession of the card.
Running AVS costs $0.01 per transaction, but it can lower your credit card processing rates by reducing your transaction risk. CVV does not impact your credit card processing rates, but it further ensures that your transactions are secure. To maximize the benefits of AVS, require that both the address and ZIP code match what the customer provides. If one or both fail, the transaction will be declined. Sure, you may not fulfill that purchase, but you’ll also save yourself the headache of a potential chargeback dispute.
Furthermore, not running AVS can result in expensive downgrades. A downgrade is when a transaction falls into a higher-rate tier because it is riskier than normally classified. We’ve found that AVS downgrades can increase processing fees by as much as 64%!
Capture Remote Signatures
A signature is the best defense in the event of a chargeback. We’re all familiar with the printed receipts we sign at restaurants or retail stores that authorize our transactions. Businesses hold onto these paper receipt slips for up to seven years in the event that a transaction is disputed as fraudulent.
Over-the-phone and online transactions traditionally can’t achieve this level of authorization (or at least not easily). Previously, businesses that wanted a signature to protect themselves from chargebacks would have to fax a receipt to their customers to sign and fax back. This workaround relies too much on customer follow-through and is inconvenient for many.
Enter remote signature capture. This innovative feature allows businesses to email a digital receipt to their customers, who sign it with a finger on a smartphone or a mouse on a computer. The business is notified when a signature is obtained, and the digital receipt is stored in the cloud moving forward.
Store Tokenized Data
Storing raw cardholder data, whether it’s in a file cabinet or on a computer, is irresponsible. The best security available today is tokenization. Unlike encryption, which masks sensitive information in a form that can be unlocked, tokenization replaces the data with a randomly generated string of characters. The token can only be decoded at the final destination of the credit card transaction: the payment processor. If a hacker obtained the token, it would have no meaning or value.
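The tokenization model described above, as an added sketch that is not PayJunction's code or API: ProcessorVault, merchant_record and the tok_ prefix are hypothetical names, and the card number is a constructed test value. It shows that the token is random rather than computed from the card number, and that the store's own record holds nothing that can be turned back into the card.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Checksum used by card numbers; rejects typos before anything is stored."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ProcessorVault:
    """Hypothetical stand-in for the processor: the only holder of token -> card data."""
    def __init__(self):
        self._cards = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        valid = pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19
        if not (valid and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(16)   # random, not computed from the PAN
        self._cards[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._cards.get(token)             # lookup happens only on the processor side
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

def merchant_record(vault: ProcessorVault, customer: str, pan: str) -> dict:
    """What the store keeps on file: a token and the last four digits, never the PAN."""
    digits = pan.replace(" ", "").replace("-", "")
    return {"customer": customer, "token": vault.tokenize(pan), "last4": digits[-4:]}

if __name__ == "__main__":
    vault = ProcessorVault()
    test_pan = "4111 1111 1111 1111"             # constructed test number, not a real card
    record = merchant_record(vault, "cust_001", test_pan)
    print(record)                                # the only card data the store holds
    print(vault.charge(record["token"], 2500))   # the processor resolves the token
    print(vault.charge("tok_" + "0" * 32, 2500)) # a token the vault never issued resolves to nothing
```

Tokenizing the same card twice yields two unrelated tokens, which is the practical difference from encryption: there is no key that turns a stolen token back into a card number.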
Partner With a PCI Level 1 Provider
Any organization that processes, stores or transmits cardholder data is subject to the Payment Card Industry Data Security Standard. The steps to being PCI compliant are lengthy and ever-evolving, as the card brands (Visa, MasterCard, Discover and Amex) are constantly updating their standards to meet advancements in security.
Even if you adhere to the highest PCI standards as a business, your efforts are only as good as your provider’s. The easiest way to achieve compliance is by partnering with a PCI Level 1 compliant provider (the highest achievable rating). Additionally, look for providers that aid their customers in becoming PCI compliant as opposed to charging them costly PCI and SAQ fees. With a PCI Level 1 provider, you gain peace of mind knowing that your customer data is protected to the highest standard.