Shopping online is something that has become quite common and almost everybody does it. From a user perspective, all you typically have to do is look in your browser window and make sure the padlock is there in the URL bar. This means your connection is encrypted, and your data is secure. When you enter your credit card data, your name, address, and password information, you can often see various images and logos that tell you how safe this transaction is, but it is never clear what actually happens behind the scenes.
How exactly are web sites handling that data in the background, and how do you know whether your financial information is safe? And if you run a business, how would you go about making sure your own site is safe for customers? Here is a behind-the-scenes look at how things work, and how e-commerce sites make payment safe.
Understanding payment systems
The first thing to understand is that making online payment safe for everyone is an incredibly complex issue to solve. There are a lot of variables, and many things have to be taken into account. Simply put, most people do not have the knowledge and expertise needed to create a completely safe e-commerce site by themselves. This is why so-called payment gateways exist.
While you can make your own shopping site, when it comes time to handle the actual financial part of a transaction, accepting credit card numbers and such, most small and medium businesses do not handle that process by themselves; instead they redirect the user to one of a number of sites such as PayPal, ccBill, Stripe and so on. These are payment gateways and they handle the financial side of things. In fact, most small to medium businesses who try to implement their own custom payment solution make some type of mistake, and they become a prime target for fraudsters.
Another important concept is that of SSL certificates. These provide a lot of security for payment systems, because not only do they provide encryption, they also authenticate sites. When you build an e-commerce portal, you go to one of a set of SSL vendors, which can verify who you are and sell you a digital certificate that has that information on it. Then, you use this certificate on your server, and anyone connecting will know that they reached their intended destination. This helps prevent phishing attempts and malware.
But the question remains, how are these sites keeping financial transactions safe?
The answer is not any one thing. Instead, it is a series of measures that, when taken together, ensure a good enough level of security. Safety starts at the credit card company. Every credit card provider ensures that no fraudulent transaction will be left to the user. If your card gets stolen, then the company will assume costs from illicit transactions. Then, there are the features on the card itself.
Most cards now have a chip in them, although for online transactions that is not very useful. This is why the CVV number exists. This is a number at the back of the card, which merchants have to ask for in order for the transaction to go through. Then, there is the AVS, or address verification service, which provides an additional assurance that whoever is using the credit card also knows the owner’s home address.
Sites also typically add more layers of security behind the scenes, invisible to the user. Most of them use geo-location services to make sure your IP address comes from the same country where the credit card was issued. In the case of bank transfers, the site may require you to upload a photo ID, or contact the bank to confirm the transaction. Most of these methods also offer chargebacks, which means the user will be protected from an illicit transfer, although that does not apply to electronic transfers. Finally, these payment services also employ a series of scripts that scan for red flags. For example, if someone ends up on the payment page without browsing through a shopping cart first, it may be an indication of a bot. If you use a known proxy address, that may also mean you are trying to hide your real location, and could be seen as a red flag.
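The red-flag checks described above (CVV, AVS, geo-location, proxy use, skipping the cart) can be combined into one layered decision, sketched here as an added example that is not code from any payment gateway. The weights, thresholds, page paths and proxy network are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for a proxy list (documentation address range).
KNOWN_PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Hypothetical weights: no single soft signal declines a payment by itself.
WEIGHTS = {"geo_mismatch": 30, "known_proxy": 20,
           "no_cart_before_payment": 30, "cvv_mismatch": 40, "avs_mismatch": 20}

@dataclass
class Checkout:
    ip: str
    ip_country: str    # result of a geo-location lookup done upstream
    card_country: str  # country where the card was issued
    pages: list        # page paths in the order the session visited them
    cvv_match: bool
    avs_match: bool

def red_flags(c):
    """Return the red flags raised by one checkout attempt."""
    flags = []
    if c.ip_country != c.card_country:
        flags.append("geo_mismatch")
    addr = ipaddress.ip_address(c.ip)
    if any(addr in net for net in KNOWN_PROXY_NETS):
        flags.append("known_proxy")
    # Landing on the payment page with no earlier cart view suggests a bot.
    if "/payment" in c.pages and "/cart" not in c.pages[:c.pages.index("/payment")]:
        flags.append("no_cart_before_payment")
    if not c.cvv_match:
        flags.append("cvv_mismatch")
    if not c.avs_match:
        flags.append("avs_mismatch")
    return flags

def decide(c, review_at=30, decline_at=60):
    """Score the flags and map the total to accept / review / decline."""
    flags = red_flags(c)
    score = sum(WEIGHTS[f] for f in flags)
    action = ("decline" if score >= decline_at
              else "review" if score >= review_at else "accept")
    return action, score, flags

# Constructed sample checkouts.
NORMAL = Checkout("198.51.100.7", "US", "US", ["/", "/cart", "/payment"], True, True)
TRAVELLER = Checkout("198.51.100.9", "FR", "US", ["/", "/cart", "/payment"], True, True)
BOT = Checkout("203.0.113.50", "RO", "US", ["/payment"], True, False)

if __name__ == "__main__":
    for name, c in [("normal", NORMAL), ("traveller", TRAVELLER), ("bot", BOT)]:
        print(name, decide(c))
```

A legitimate customer paying from abroad lands in manual review rather than being declined, which is the conversion-versus-fraud trade-off these layers create.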
Do it yourself or outsourcing?
Of course, all of those measures mean that the result for the end user will be less convenient. A typical payment form has 21 fields, which is far more than the 3 minimum fields that should be required for a credit card: name, number and expiration. This is because of security, and is unavoidable. Those who try to avoid them typically end up as the target of much fraud.
A recent study shows that these extra security measures bring conversion rates down by over 40%. This is why services like PayPal have become so popular, because you can pay with a single step. But they too have to use a lot of methods to remove fraud, which leads to all the horror stories that we hear on forums. In the end, there is no perfect solution. Sites protect themselves and their users by using layers of security, and that is unlikely to change for quite some time.