October is National Cyber Security Awareness Month so we wanted to provide some tips for E-commerce merchants to protect payments.

1. 5 BEST PRACTICE TIPS
for E-commerce Merchants to
Protect Payments

2. So you're selling your products
and services online? GREAT
Just make sure the payment
data you're collecting
doesn't get compromised, or
your profits will!

3. TIP 1
Deploy SSL (Secure Socket Layer)
SSL is a protocol used on the web for:
Encrypting website data so that
data sent from the browser to the
server and back is protected
Authenticating your website so
visitors know you are who
you say you are
HTTPS = HTTP with SSL

4. TIP 2
Protect your IT environment
Deploy a firewall solution to
protect your applications,
databases and web servers
Deploy intrusion-detection
systems/intrusion-prevention
systems (IDS/IPS)
Train technical staff to properly
manage security including firewalls,
digital certificates, and SSL encryption

5. TIP 3
Authenticate your customers
Request Credit Verification Value (CVV)
information in addition to Primary Account
Number and expiration date
Consider using 3D Secure (Verified by Visa,
MasterCard SecureCode) if you process risky
transactions. It is mandatory in some countries,
highly recommended in others, and enables
fraud liability shift to the issuing banks.
(you will not be liable in case of fraud, your
customer’s bank will be)

6. TIP 4
Deploy fraud management solutions
Create simple fraud rules
- Create exception rules for transactions if there is no Address
Verification Service (AVS) match
- Use white/black lists
- Determine if you should reject transactions from a defined BIN
range (specific card brands) or originating from certain IP
location address/range (specific countries)
Create more complex rules and utilize new innovative
solutions
- Device identification (device fingerprinting)
- Statistical models
- Sophisticated rules engine, combining industry white/black lists,
with custom rules to match your business and statistical models

7. TIP 5
Protect sensitive data if you need to store it
If you store customer profile data to enable
an easier checkout process
- Do not store the credit card number, instead
request a token from your Payment Service
Provider
- Only display the last 4 digits of the card in the
customer profile, not the full card/token
- Never store the Credit Verification Value – ask
your customer to enter their CVV when they
complete the check-out process

8. Final Thoughts
An easy way to secure sensitive
customer data is to use a Payment
Gateway offering a Hosted Payment
Page or API with direct post
capabilities to capture payment data
and process the payment.
However, you still need to
take extra measures to
protect your customers’
data and to stay compliant
with the PCI-DSS.

9. Thank you for viewing
this presentation!
For more information:
Call
Email
Visit
Engage
1.866.853.3845
sales@merchantlink.com
www.merchantlink.com
www.merchantlink.com/blog