Online card fraud: balancing convenience and security
The opportunities to do business online continue to grow, but card fraud remains a concern. Phil Thomas, Senior Manager, Lloyds Bank Cardnet, explains how business owners can protect themselves without compromising ease of use for their customers – and how Lloyds Bank Cardnet can help.
“The UK is the biggest card payments market in the European Union, with Britain accounting for more than 30% of all EU card spending and 73% of the EU credit card market.¹
The good news is that overall rates of card fraud are in decline. In 2014, fraud losses in UK cards totalled £479m, down 27% from their peak in 2008. However, the rise of online shopping means CNP (cardholder not present) fraud is still an issue, with £331.1m lost in 2014 alone.²
What’s driving online card fraud?
One reason behind CNP fraud is consumers’ desire for convenience. The more security you put into a payment system, the more steps to making a purchase you potentially create for your customer, and the more likely they are to drop out during the transaction. If their experience is unduly clunky, the consumer may decide to go elsewhere and that can make it easy for a merchant to lean towards convenience over security.
Another factor is that a lot of small businesses do not always understand their responsibilities and what they might be responsible for in the event of a fraudulent transaction. But if a merchant does not perform basic checks, such as verifying the address of the customer, for example, they could leave themselves vulnerable.
The impact of fraud can be sizable, including revenue loss, fraud handling costs, fines for breaching acceptable fraud levels and reputational damage. So it is vital for business owners to find the right balance between security and convenience.
What can business owners do to tackle fraud?
There are some basic steps that small business owners should be aware of:
- Ensure virus protection software is installed on the website. That will make it much harder for customer details to be attacked or compromised.
- From a data security point of view, ensure the business is Payment Card Industry Data Security Standard (PCI DSS) compliant.
- If you are thinking about adopting alternative non-card based payment methods, check their policies on chargeback – the process that is followed when a transaction is disputed. Not all payment methods have the same chargeback process; each one has its own nuances, and it is important to be aware of them.
What support can acquiring services provide?
Acquirers can help small business owners in a number of ways. When customers are entering their card details, they will typically perform checks to ensure the card is legitimate and belongs to the person attempting to make the purchase.
Lloyds Bank Cardnet can also assist in helping a business attain PCI DSS compliance, which is mandatory and especially important for businesses selling online to ensure that cardholder details are kept secure.
One way for business owners to combine convenience with security is to embed 3D Secure, an additional security layer, into their company website. This gives the 3D Secure page the same look and feel as the rest of the website, helping to reduce confusion and smooth the customer journey.
Lloyds Bank Cardnet is also part of Cyberstreetwise, a government-led initiative to address the issue of remote fraud against small and medium-sized businesses.
There is a whole section of the Cyberstreetwise website for business owners, with specific videos for merchants selling online. The site gives advice on issues such as the need for a secure socket layer – known as an SSL – to create an encrypted channel between the client and the merchant’s website. That is considered the gold standard of online security.”
Tips to combat card fraud
- Ensure you have clear refund policies on your website to avoid unnecessary disputes that can be Trojan horses for fraud
- Make sure you have a clear description of your products and services and a clear refund policy, for the same reason
- Arrange for your business to become PCI DSS compliant. If you’re not sure how, Lloyds Bank Cardnet can help
- Set up an additional layer of security, such as 3D Secure, with the same look and feel as the rest of your website
² Fraud The Facts 2014, FFA UK