Before selecting a payment gateway, we must analyze the risk management and fraud detection techniques that the gateway implements.
These techniques can be divided into 2 categories:
1) Basic security techniques
The following are the basic security techniques that should be implemented in a payment gateway, or that should be considered while choosing the right payment gateway:
- All the payment details should be in encrypted format.
- An SSL Web Server Certificate should be in place to carry out secure communications by encrypting all data to and from the site.
- AVS (Address Verification Service) and CVV (Card Verification Value)
- Payment Card Industry Data Security Standards (PCI-DSS) should be followed.
- The physical and datacenter security of the location where the payment gateway servers are hosted.
- Firewall and intrusion detection systems at the OS and application layer, database security, and finally transaction security.
2) Fraud detection tools
In addition to the basic security, a higher level of security should be implemented by using various fraud detection tools:
- Negative database mapping [actual data and negative data stored together to help prevent data theft from malicious users and provide efficient data retrieval for all valid users]
- High Risk Global IP Address Verification [The geographic location is mapped, which can identify locations where the probability of fraud is high. It is also used to calculate the distance between the billing address of online buyers and the actual location of the persons entering the orders.]
- Velocity Checks [Limits can be set on the number of times a consumer's credit card can be used at pumps in single or multiple locations in a designated time period.]
- Issuing Bank BIN number mapping [Extra validations can be done by using the unique BIN number of a card, such as matching the country and issuing bank name, checking the funding type (Debit, Credit or Gift (Prepaid)), and validating the brand (Visa, MasterCard, American Express, etc.).]
- Zip Code and Telephone Validity Checks [Orders with invalid zip codes, or with a mismatch between the zip code and area code, are detected.]
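
The velocity check from the list above can be sketched as a sliding-window counter per card. This is an added example, not code from any particular payment gateway; the class name, the limits, the card tokens and the pump identifiers are all assumptions made up for illustration.

```python
from collections import defaultdict, deque


class VelocityChecker:
    """Sliding-window velocity check keyed by a card token (never the raw card number)."""

    def __init__(self, window_seconds, max_uses, max_locations):
        self.window = window_seconds
        self.max_uses = max_uses            # attempts allowed per card inside the window
        self.max_locations = max_locations  # distinct locations allowed inside the window
        self._events = defaultdict(deque)   # card_token -> deque of (timestamp, location)

    def check(self, card_token, location, ts):
        """Return (allowed, reason). Timestamps are assumed non-decreasing per card.

        Declined attempts are recorded as well, so repeated retries keep
        the card over the limit until the window has passed.
        """
        events = self._events[card_token]
        # Drop events that have aged out of the designated time period.
        while events and ts - events[0][0] >= self.window:
            events.popleft()
        events.append((ts, location))
        if len({loc for _, loc in events}) > self.max_locations:
            return False, "too_many_locations"
        if len(events) > self.max_uses:
            return False, "too_many_uses"
        return True, "ok"


def run_sample():
    # Constructed sample attempts: (seconds, card token, location id).
    attempts = [
        (0,    "tok_A", "pump-1"),
        (600,  "tok_A", "pump-1"),
        (900,  "tok_A", "pump-7"),
        (1200, "tok_A", "pump-9"),  # third distinct location within one hour
        (1300, "tok_B", "pump-1"),  # different card, unaffected by tok_A
        (5000, "tok_A", "pump-1"),  # earlier tok_A events have aged out
    ]
    checker = VelocityChecker(window_seconds=3600, max_uses=4, max_locations=2)
    return [checker.check(tok, loc, ts) for ts, tok, loc in attempts]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```
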
So, keeping the above security measures in mind, the right payment gateway should be selected.