How to Make Sure Your Online Payments Are Secure in 4 Easy Steps

Chances are, if you want to take your business online, you’ll want to accept eCommerce credit and debit card payments. Paying with debit and credit cards is consumers’ most preferred method of payment, and card acceptance is thus an essential part of any business’s model.




Unfortunately, your eCommerce payment options also create a significant point of vulnerability: fraudsters can either make purchases with stolen cards, or compromise your system and obtain your customers’ sensitive card data. Thankfully, there are a few easy steps you can take to significantly improve the security of your online payments system.


  1. Get an SSL Certificate on Your Payment Page

One of the biggest vulnerabilities a small business going online can face is having its website hacked and, as a result, all of its customers’ credit and debit card information compromised. One way to make it significantly tougher for hackers to access your customers’ data is to enable SSL security on your checkout page.

SSL is an acronym for Secure Sockets Layer. In plain English, it’s a secure method of connecting your customer’s web browser to your shopping cart or payment page, so that your customer’s data is better protected in transit from the prying eyes of hackers. It also has the added benefit of making your customers feel safer about entering their card data on your website, which will increase sales.


  2. Require CVV and AVS Matching On All Payments

Sadly, there’s a thriving black market of stolen credit cards available for purchase by scammers online. The scammers will try to use the stolen credit cards they purchase on your website in an attempt to obtain your products or services for free, or sometimes to test the stolen credit card before making a large purchase on another website. The reason this is such a problem for you as the business owner is that not only have you provided the product or service essentially for free, but when the legitimate owner of the credit or debit card eventually notices the fraudulent charge, they will initiate a chargeback, which will end up costing you additional fees.


In either case, one easy way to limit that possibility is to require that your customers enter the three-digit security code (called CVV) on the back of their credit or debit card and their zip code (called AVS) whenever making a purchase. Then you can configure your payment gateway and checkout page to confirm that these two match the actual cardholder’s information before the sale successfully processes. The reason this is so effective is that, for the vast majority of scammers who buy stolen credit cards, the CVV code and AVS information are not included. Thus, the scammers will not be able to successfully purchase anything through your shopping cart.


  3. Geo-Limit Transactions to Your Target Audience

Many of the world’s scammers are based in third world countries, where most businesses have few, if any, current or expected customers. So one effective way to secure your online payment process is to limit purchasers and the ‘ship to’ location to only countries where you actually expect to have customers. It’s important to limit both the purchaser’s IP address and the ‘ship to’ address, because that way you’re protected even if the foreign scammer has arranged for the goods to be shipped to a location domestically, or alternatively if they’ve managed to obtain a US citizen’s credit card and are trying to ship the product overseas.


The downside to doing this, of course, is that if you did get a large legitimate purchase from outside your expected geographic range, the payment gateway would block it. If this concern applies to your business, there are two ways to deal with it. The first is simply to include a message that customers outside of your target countries must make their orders over the phone (in which case you can manually bypass the geo-restriction). The second is to not block these foreign transactions, but simply flag them for manual review in your payment gateway.


  4. Flag Suspicious Transactions for Manual Review

If you normally sell products for $100, and just received an order for $3,000, that might mean you’re going to have a great day. But it might also mean that you’re getting targeted by a scammer. So it’s a good idea to configure your payment gateway and shopping cart to automatically flag, and notify you to manually review, any transactions that fall outside of your normal price range; any case where multiple transactions are made with the same credit card or shipping address within a short period of time; and any transaction in which the person’s card information was initially declined more than twice (indicating the person might be guessing at the cardholder’s zip code, for example).



Any of these factors occurring doesn’t necessarily mean that the sale is fraudulent, so you don’t want to automatically block these transactions entirely. Rather, you’ll likely want to set them for manual review. These manual review alerts can be configured in your payment gateway to automatically notify you, so that you can examine the transaction closely, and call the customer for additional verification purposes if you feel the need.
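The checks from steps 2 to 4 can be combined into one screening rule set, sketched below as an added example that is not from the original article or any payment gateway's API. The `Txn` fields, the `screen` function, the thresholds, the country list and the sample orders are all assumptions made up for illustration; a real gateway reports CVV/AVS results and exposes its own rule settings.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to your own store.
ALLOWED_COUNTRIES = {"US", "CA"}       # countries where customers are expected
NORMAL_MAX_AMOUNT = 300.00             # upper edge of the usual order size
VELOCITY_WINDOW = timedelta(hours=1)   # the "short period of time"
MAX_PRIOR_DECLINES = 2                 # flag when declined more than twice

@dataclass
class Txn:
    when: datetime
    card_token: str      # gateway token, never the raw card number
    amount: float
    cvv_match: bool      # CVV result reported by the gateway
    avs_match: bool      # AVS result reported by the gateway
    ip_country: str
    ship_country: str
    ship_address: str
    prior_declines: int = 0

def screen(txn, history):
    """Return (decision, reasons): 'decline', 'review' or 'approve'."""
    if not (txn.cvv_match and txn.avs_match):
        return "decline", ["cvv_or_avs_mismatch"]          # step 2: hard stop
    reasons = []
    if txn.ip_country not in ALLOWED_COUNTRIES:            # step 3, flag option
        reasons.append("ip_outside_target_countries")
    if txn.ship_country not in ALLOWED_COUNTRIES:
        reasons.append("ship_to_outside_target_countries")
    if txn.amount > NORMAL_MAX_AMOUNT:                     # step 4 rules
        reasons.append("amount_outside_normal_range")
    recent = [h for h in history
              if timedelta(0) <= txn.when - h.when <= VELOCITY_WINDOW]
    if any(h.card_token == txn.card_token for h in recent):
        reasons.append("repeat_card_in_window")
    if any(h.ship_address == txn.ship_address for h in recent):
        reasons.append("repeat_ship_address_in_window")
    if txn.prior_declines > MAX_PRIOR_DECLINES:
        reasons.append("declined_more_than_twice")
    return ("review" if reasons else "approve"), reasons

# Constructed sample orders (not real data).
T0 = datetime(2024, 1, 1, 12, 0)
EARLIER = Txn(T0, "tok_A", 95.0, True, True, "US", "US", "1 Main St")
NORMAL = Txn(T0 + timedelta(days=1), "tok_B", 100.0, True, True, "US", "US", "9 Oak Ave")
LARGE_REPEAT = Txn(T0 + timedelta(minutes=10), "tok_A", 3000.0, True, True, "US", "US", "1 Main St")
BAD_CVV = Txn(T0, "tok_C", 100.0, False, True, "US", "US", "5 Elm Rd")
```

Orders that come back as `review` carry the list of reasons, which is what a reviewer needs to decide whether to call the customer.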



The vast majority of businesses that sell products online will never face an incident of fraud. However, when it does occur it can be incredibly time-consuming and destructive to the business. And given that eCommerce-based fraud roughly doubled in the three years following Australia’s transition to EMV chip card technology, the recent switch of the United States to EMV indicates that the rate of fraud may be about to rise in the US as well. Given all that, it makes sense for any business considering accepting payments online to take some of the basic precautions outlined above in order to minimize its vulnerability.


About the Author

Brad Martin is an editor with Soar Payments, a merchant account provider that includes fraud protection as part of its merchant services packages. To learn more and read the latest about Soar Payments, visit the company’s Twitter page (
