/
March 23, 2016
mm Written by:
Andrew Edem

Information Security Officer and Head of Engineering

Payments mix can reduce risk

If you’re selling something over the Internet, how do you accept payments? Do you rely on credit card transactions alone, or do you offer the option of using alternative payment methods? For much of the English-speaking world, credit cards are the most popular form of payment for goods and services online, with e-commerce spending on UK-issued payment cards totalling £11.9 billion in November 2015 alone . This popularity has drawbacks, though, as fraudsters prefer to target the most widely used payment methods as they can therefore target more transactions and payers using a single attack method.

This is especially problematic for credit cards transactions, as they fall into the category of pull payments, where a merchant initiates payment by “pulling” using sensitive payment data entered by the customer. This type of payment is inherently insecure as the merchant has all of the data necessary to perform a transaction and, once stored, the data is at risk of being stolen or leaked.
One way for merchants to minimise the risk of data theft is to use a combination of payment methods. Push payment methods, where the customer initiates payment, are less risky than pull payments because the merchant does not need to collect any sensitive payment data from the customer. Instead, the customer enters it directly on their bank’s website. iDEAL, used by almost two-thirds of shoppers in the Netherlands, is just one example of such a payment method.

This approach can also help to reduce exposure to chargebacks due to fraudulent purchase with stolen cards. In such cases the merchant is forced to refund the cardholder, usually after the goods have already been delivered. With push payments, chargebacks are not possible as the transaction is securely authorised by the payer. This not only protects the merchant from financial loss, but also allows for higher conversion rates as merchants do not have to worry rejecting orders to protect themselves from fraudsters.

Although push payments are more secure, and potentially make collecting payments simpler for merchants, the customer is responsible for initiating and approving each payment. This can lead to increased administration and effort on the part of the merchant, since it is not possible to perform recurring payments without interaction from the customer.
Regions of the world where credit card use is low or non-existent employ a number of alternative payment methods; these can be combined with more traditional methods to meet local needs, improve conversion rates, and enhance transaction security. While there is always likely to be a trade-off between convenience and security when it comes to online transactions, there are a number of points for merchants to consider when trying to find the ideal balance.

1. Offer a mixture of pull and push payment methods: provide options such as invoicing, prepayment, and real-time bank transfer in addition to credit card payments.
2. Understand your customers: being aware of buying habits can help identify unusual behaviour, giving the option to check if a credit card transaction is fraudulent.
3. Work with a Payment Services Provider: working with an expert can be particularly helpful for smaller merchants to help identify options and minimize the repercussions of a fraudulent transaction or data breach.

Back to all Articles
Tags:
alternative payment methods | APM | credit cards | risk