4 Best Practices for Securing a Payment Page and Protecting Customer Privacy

Payment Page Security

With online sales expected to grow to more than $400 billion within the next two years, you need to make sure that you accept online payments via a payment page that is secure and protects customer privacy.

Ecommerce keeps your store open 24 hours a day, every day of the year, so you and your customers need assurance that it runs reliably and securely. Preventing fraud, protecting cardholder data, and avoiding chargebacks should be your main concerns when it comes to the security of your payment page.

Here are four best practices that you can adopt to ensure your business and your customers stay safe:

1. Be transparent

Make sure your contact information is clearly displayed on each and every page of your site, on shipping documentation and of course in all your correspondence, whether it’s electronic or old-fashioned “snail mail”.

Make it easy for customers to identify immediately where a charge came from by using your company or brand name as your billing descriptor (what appears on the customer’s credit card statement). It’s also a good idea to apply for a toll-free number and use it on all correspondence, promotional material, your website, and your billing statements; an unrecognised descriptor with no way to reach you is a common cause of avoidable chargebacks.

Once an order or refund is processed, immediately send an email confirmation and fully disclose refund policies and procedures. You should publish clear and understandable policies for all aspects of your business, including the privacy policy. This information should always appear in order confirmation messages and on the website.

2. Gather cardholder data over an encrypted connection

Gathering cardholder data is vital to establishing that purchases are genuine and valid. It also lets you build a customer record and know who you are dealing with. Just as customers need to know who they are buying from, you need to know who is buying from you, and whether the order really comes from the cardholder. Building that record must not mean storing card numbers: keep the contact and shipping details you need, and let your payment provider hold the card.

Collect cardholder data only over an encrypted connection (HTTPS with TLS on the payment page itself, not just the checkout link), so that card details and the other information you need to authorize and process the order (typically email address, phone number, and shipping and billing addresses) cannot be read or altered in transit. Once the order reaches your systems, the decrypted order details are screened by your risk management system (usually your PSP’s) for red flags, such as a billing address that does not match the one the card issuer holds.

3. Follow the PCI Security Standards Council’s best practices

The PCI Security Standards Council (PCI SSC) develops and manages the PCI Data Security Standard (PCI DSS) and the education and awareness programs around it. Its requirements include practices that give you an extra level of security:

  • Protect stored cardholder data. Store only what you need, render the card number (PAN) unreadable wherever it is stored (strong encryption with keys managed separately from the data, truncation, or tokenization), and never store sensitive authentication data such as the CVV after authorization. Encryption only protects the data if the keys are kept apart from it.
  • Encrypt cardholder data in transit across open, public networks: TLS for web and API traffic, SFTP rather than plain FTP, and encrypted email. Never send full card numbers in unencrypted email or messaging, whatever the channel.
  • Restrict access to cardholder data to the people and systems with a business need to know, and give each of them the least privilege the job requires.
  • Ensure that your customers’ data is protected by any business partners or affiliates who may have access to payment information, such as fulfillment houses, call centers, and marketing associates: put the obligation in writing and track their PCI DSS compliance status.
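The stored-data requirement above is easiest to meet by not storing the full card number at all. The following is an added example, not Direct Pay Online’s code and not a PCI SSC artifact: it validates a card number with the Luhn check, keeps only the truncated form (first six, last four, the truncation PCI DSS permits) plus the token your PSP returned, and derives a keyed index with HMAC-SHA256 so repeat cards can be recognised without the number being stored. The PSP token value, the way the index key is held, and the card number used as input are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: the key for the PAN lookup hash. In production it
# lives in an HSM or key-management service, separate from the database, and is
# never reused for anything else. Generating it at import time is an assumption.
PAN_INDEX_KEY = secrets.token_bytes(32)


def digits_only(pan: str) -> str:
    """Strip spaces and dashes so '4111 1111 1111 1111' and '4111-1111-...' compare equal."""
    return "".join(c for c in pan if c.isdigit())


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: catches typos before the card number is sent anywhere."""
    digits = [int(c) for c in digits_only(pan)]
    if not 12 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncation as PCI DSS permits: keep at most the first six and last four digits."""
    digits = digits_only(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pan_index(pan: str) -> str:
    """Keyed hash (HMAC-SHA256) of the PAN: lets you spot a repeat card across
    orders without storing the number. An unkeyed hash would be brute-forceable,
    because the PAN space is small once the BIN and last four are known."""
    return hmac.new(PAN_INDEX_KEY, digits_only(pan).encode(), hashlib.sha256).hexdigest()


def stored_card_record(pan: str, psp_token: str) -> dict:
    """Build what your own database keeps: the PSP's token, the masked PAN for
    receipts and display, and the keyed index. The full PAN never enters the
    record, and this function does not accept a CVV at all."""
    if not luhn_valid(pan):
        raise ValueError("card number failed Luhn check")
    return {
        "psp_token": psp_token,     # reference returned by the PSP after tokenization (assumed)
        "masked_pan": mask_pan(pan),
        "pan_index": pan_index(pan),
    }


if __name__ == "__main__":
    # Constructed input: a well-known test card number, not a real card.
    rec = stored_card_record("4111 1111 1111 1111", psp_token="tok_example_123")
    print(rec["masked_pan"])                  # 411111******1111
    print(luhn_valid("4111 1111 1111 1112"))  # False
```

If your own stack ever needs the full PAN (for example a card-on-file flow the PSP cannot host), that is the point at which strong encryption with separately managed keys becomes mandatory; keeping the PAN out of your systems altogether, as above, also shrinks your PCI DSS scope.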

To ensure that your business is compliant with PCI DSS, it is wise to work with a PCI DSS Level 1 validated payment service provider, the highest service-provider level, which is assessed on site every year by a Qualified Security Assessor. Letting the PSP host the payment form (by redirect or embedded frame) keeps card data off your own servers and shrinks your PCI DSS scope, though it does not remove your remaining obligations.

4. Use AVS checks to reduce chargebacks during order processing

You can reduce chargebacks while orders are being processed by running an Address Verification Service (AVS) check, which compares the billing address the customer entered with the one the card issuer holds.

  • Run a zero-dollar verification, also known as an “AVS-only” or account verification authorization, to confirm that the card and address are valid before charging it. Avoid “$1.00 authorizations”: the pending hold shows up on the customer’s statement and causes confusion and complaints.
  • Each deposit should reference exactly one valid authorization. Never submit “forced deposits” without a valid authorization.
  • Ask your PSP whether they support submitting your authorization Transaction ID with all deposits and refunds. This lets the processor reject forced deposits and helps reduce fraud.
  • If an AVS check fails, contact the customer directly rather than forcing the transaction through. Use voice authorizations only as a last resort: they bypass the processor’s systems, leave no AVS record, and cannot be used to dispute a chargeback.
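To make the last three points concrete, here is an added example (not Direct Pay Online’s code and not any PSP’s API) of a merchant-side ledger that refuses a deposit with no authorization behind it, refuses a second deposit against the same authorization, ties every refund to the original authorization’s Transaction ID, and holds the capture until the AVS result is clean. The AVS result codes in the table (Y, A, Z, N, U, R) and the action chosen for each are assumptions based on the common card-brand convention; check your PSP’s documentation for the codes it actually returns.

```python
from dataclasses import dataclass
import uuid

# Constructed table mapping single-letter AVS result codes to the action a
# merchant takes. Assumption: the common Visa/Mastercard codes; real PSPs return
# their own, so adjust this table to your provider's documentation.
AVS_ACTION = {
    "Y": "accept",            # street address and postal code both match
    "A": "review",            # street address matches, postal code does not
    "Z": "review",            # postal code matches, street address does not
    "N": "contact_customer",  # neither matches: contact the customer directly
    "U": "review",            # AVS unavailable for this card or issuer
    "R": "retry",             # issuer system unavailable, retry later
}


def avs_decision(code: str) -> str:
    """Map an AVS result code to an action; an unknown code is treated as a failure."""
    return AVS_ACTION.get(code.strip().upper(), "contact_customer")


class LedgerError(Exception):
    """Raised when a deposit or refund would not reference one valid authorization."""


@dataclass
class Authorization:
    auth_id: str        # Transaction ID the PSP returned for the authorization (assumed format)
    amount: int         # authorized amount in minor units (cents); 0 for a verification
    avs_code: str
    captured: int = 0   # amount deposited against this authorization (at most once)
    refunded: int = 0   # amount refunded against that deposit


class Ledger:
    """Tracks authorizations so that every deposit and refund cites exactly one of them."""

    def __init__(self) -> None:
        self.auths: dict[str, Authorization] = {}

    def authorize(self, amount: int, avs_code: str) -> Authorization:
        # amount == 0 is a zero-dollar (AVS-only) verification: it checks the card
        # and address without placing a hold that the customer would see.
        if amount < 0:
            raise LedgerError("authorization amount must be >= 0")
        auth = Authorization(auth_id=uuid.uuid4().hex, amount=amount, avs_code=avs_code)
        self.auths[auth.auth_id] = auth
        return auth

    def capture(self, auth_id: str, amount: int) -> Authorization:
        auth = self.auths.get(auth_id)
        if auth is None:
            # a "forced deposit": no authorization backs the deposit
            raise LedgerError("no valid authorization for this deposit")
        if auth.captured:
            raise LedgerError("authorization already used by an earlier deposit")
        if amount <= 0 or amount > auth.amount:
            raise LedgerError("deposit must be positive and within the authorized amount")
        action = avs_decision(auth.avs_code)
        if action != "accept":
            raise LedgerError(f"AVS result {auth.avs_code!r} requires action: {action}")
        auth.captured = amount
        return auth

    def refund(self, auth_id: str, amount: int) -> Authorization:
        auth = self.auths.get(auth_id)
        if auth is None:
            raise LedgerError("refund must cite the original authorization")
        if amount <= 0 or auth.refunded + amount > auth.captured:
            raise LedgerError("refund exceeds the amount deposited")
        auth.refunded += amount
        return auth


def attempt(fn, *args) -> str:
    """Run a ledger operation and report 'ok' or the reason it was rejected."""
    try:
        fn(*args)
    except LedgerError as exc:
        return f"rejected: {exc}"
    return "ok"


if __name__ == "__main__":
    ledger = Ledger()
    check = ledger.authorize(0, "Y")                        # zero-dollar verification
    order = ledger.authorize(2599, "Y")                     # $25.99 authorization
    print(attempt(ledger.capture, order.auth_id, 2599))     # ok
    print(attempt(ledger.capture, order.auth_id, 2599))     # rejected: already used
    print(attempt(ledger.capture, "deadbeef", 2599))        # rejected: forced deposit
    print(attempt(ledger.capture, check.auth_id, 100))      # rejected: nothing authorized
    bad = ledger.authorize(4000, "N")
    print(attempt(ledger.capture, bad.auth_id, 4000))       # rejected: AVS N
    print(attempt(ledger.refund, order.auth_id, 1000))      # ok
    print(attempt(ledger.refund, order.auth_id, 2000))      # rejected: exceeds deposit
```

Amounts are integers in minor units to avoid floating-point rounding in money arithmetic. A review or contact_customer outcome is a stop, not a denial: the order waits until a person has confirmed the address with the customer, which is exactly the step a voice authorization would skip.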

Payment page security and protecting customer privacy are essential for any online business to succeed. By adopting these four best practices, you will find it easier to prevent fraud, avoid chargebacks, and increase customer loyalty and satisfaction.

Direct Pay Online Digest