Datacap Logo

Payment Security Considerations at the Point of Sale

The payments industry is still trying to get its arms around the long-running problem of credit card fraud. Experts estimate that losses will reach $165 billion in the next decade for the U.S. market alone. With so much at stake, providers must do everything in their power to protect the point of sale from coming under attack and make payment security their No. 1 priority.

Types of Fraud at the Point of Sale

Payment Security ConsiderationsThe term “fraud” covers a multitude of malicious activities, applying to the many ways bad actors try to get one over on credit card companies and their customers.

The advent of EMV security standards brought the hammer down on what used to be a commonplace form of point of sale (POS) fraud. In the 12 years since EMV protocols became the gold standard, instances of criminals stealing and counterfeiting plastic cards, or using them without permission, have seen a sharp decline. While that’s great news for businesses that have adopted EMV rules, merchants dragging their feet on following these best practices leave themselves wide open to fraud risk from card skimmers looking to score easy money.

These days, chargeback fraud is a bigger headache for merchants with up-to-date payment technology. This is the harder-to-fight gray area when people go to their bank instead of the merchant when disputing a payment for something they legitimately purchased. Because small businesses face an uphill battle trying to disprove chargeback claims and often lack the resources, manpower, and time necessary to devote to these issues, some might give up on the idea of even trying to fight back. But waving the white flag isn’t always the right answer because merchants with a large number of chargeback complaints could be branded high-risk and pay higher payment processing fees.

Online fraud is another area of concern. These days it’s all too easy for hackers to get their hands on stolen credit card account credentials on places like the dark web. But how successful these fraudsters are when trying to use the stolen goods depends on the security systems at play in a merchant’s payment platform. Sites fortified with fraud prevention tools that safeguard against cyberattacks can render stolen logins useless.

Advances in Security

Though fraud is an ongoing problem, there are things providers can do to help their merchants enhance their payment security profile.

Consider some of the leading encryption solutions available on the market and which one might be right for your clients. Some prefer reducing the PCI scope of compliance by going with PCI-validated point-to-point encryption. This option secures payment transactions by encrypting data in the POS device. Another option would be encrypting payment data outside of the POS hardware, known as end-to-end, or E2E, encryption.

You can also help merchants fight fraud with solutions that leverage databases of valuable intel on whether cardholders are repeat offenders when it comes to filing chargeback complaints and committing other types of online fraud. Service providers can also take advantage of other tools to strengthen payment security. They can look at historical data to look for clues, implement technologies to authenticate users, deploy pattern-recognition software, and invest in educating and training stakeholders.

New Regulations and Standards

There are other changes at play in the payment security sector. The PCI Security Standards Council will sunset the PCI Payment Application Data Security Standard this fall, replacing it with the Software Security Framework tailor-made to address the needs of today’s payments architecture and counter sophisticated cyberattacks.

SSF defines the security features that payment software must have but takes a different approach to security than PCI DSS. This enables faster time to market and security validation. SSF includes PCI 3-D Secure and the Customized Approach of PCI DSS v. 4.0, recognizing there are multiple ways to satisfy security objectives.

Now is a good time to ensure that the software you provide meets SSF requirements.

Adapt to Survive and Thrive

Trends in online fraud are always evolving, but players in payment security must stay one step ahead. With the security standards and available technology constantly being revisited and refined, it’s important for vendors to stay on the cutting edge and keep merchants up-to-speed on the newest developments.

Contact Datacap today to learn more.

Enhance Payment Security with Datacap!