The importance of anti fraud management system and fraud protection tools to protect online sellers from fraudulent payments in e-Commerce is huge. Unlike traditional trade, the Internet merchant accepting payments over the Internet can only hope that the person on the other side of the monitor is indeed the owner of the bank card and a conscientious buyer.
The payment data that the buyer enters on the payment page of the online store or mobile application is easy to steal, copy and use. To protect against fraudulent transactions, white label payment gateway beGateway offers its tenants three integrated fraud protection tools. Moreover, we also offer a possibility to connect any third-party instrument at the request of the payment service provider.
beGateway anti fraud management system and fraud protection tools
- beProtected is an anti-fraud management system developed by the eComCharge team
- minFraud Service from the MaxMind company is a system that estimates transaction fraud probability
- 3-D Secure is a cardholder verification technology
- Any other third-party system (integration required)
The joint use of all three systems (or at least two of them) provides reliable protection against fraud.
The beProtected anti-fraud management system is a system of filters and rules that define operation of these filters. beProtected is also a programme shell that provides an interface to configure settings of other security systems. To function properly, beProtected uses certain data collected by the technical capabilities of the payment form:
- The transaction data entered by the buyer on the payment page (card number and expiration date, cardholder’s name, postal and e-mail addresses, etc.)
- Data on the buyer’s electronic device with which the payment is made (name, version, the language of the operating system and the Internet browser, identification number, IP address, etc.)
beProtected extracts additional characteristics of the payment transaction from the collected data. For example, the card number gives information about the issuing Bank and its geographic location. The unique digital fingerprint is obtained from the data on the payer’s electronic device. And the IP address determines the geographical location of the network when the buyer was online. On average, beProtected collects and analyzes about 40 characteristics for each payment transaction.
The security rules that define operation of the beProtected filters are specified in the format “if… then” using logical “and” and “or”. All of which enables you to create scenarios for a payment transaction, depending on its parameters, either to be transferred to the acquiring Bank for further processing or to be rejected as excessively risky. In case of anomalies that require attention of a risk manager (the payment service provider employee), the system will automatically notify them.
minFraud Service from the MaxMind
minFraud Service from the MaxMind company is a system for assessing payment transaction risk on a scale from 0 to 100. A score of 0 points means that the payment transaction in question does not pose fraud risk. While 100 points indicates that the risk of fraud is unacceptably high.
minFraud Service is integrated into white label payment gateway beGateway billing software. The results of the payment transaction evaluation are transferred to the beProtected system to be used in its scenarios. Besides the security rules defined in beProtected, another independent source of information about risks of a transaction is the MaxMind assessment.
Whether to transfer the considered payment transactions to the acquiring Bank for further processing or to reject them is a decision made by the beProtected and minFraud Service systems. This first stage is when most fraudulent payments are identified and rejected.
At the next stage, when the payment transaction is transferred to the acquiring Bank, it is time for 3-D Secure.
3-D Secure is a technology of cardholder verification when making a payment via the Internet. This technology was developed by VISA, which then licensed it to Mastercard and other major international and local card payment systems.
Today this technology is mandatory for all online sellers and is known under different names (Verified by Visa, Mastercard SecureCode).
At the moment of payment acceptance, the payment service provider determines whether 3-D Secure technology is supported by the issuing bank and the buyer’s card. If so, a special iframe page of the issuing Bank opens directly on the seller’s website in the payment widget, where the buyer is to enter the payment confirmation code (learn more about the new payment widget from beGateway). This code is usually sent to the cardholder by the issuing Bank via SMS at the time of payment, or is generated by a special electronic device that the Bank provides along with payment cards.
If the buyer has entered the correct confirmation code, the issuing bank shall notify the payment service provider who, in turn, informs the acquiring bank and then the card payment system.
The whole process takes a few extra seconds, but as a result, you get the so-called “transfer of responsibility”.
If the payment transaction has successfully passed the 3-D Secure check, and if later the cardholder applies to their issuing bank with a chargeback request, claiming that the transaction was made without their consent, the responsibility for the transaction shall not lie with the acquiring bank or the online seller who accepted the payment, but is fully placed upon the issuing bank. What the issuing bank will do about the complaint, does not concern either the seller or the acquiring bank. For the online seller, it is important that no one take money from them for the goods or services they have already delivered.
In fact, under certain circumstances, the issuing bank may still be responsible, even if the confirmation code was not entered at all, or if the acquiring bank did not inform the payment service provider of its correctness. Therefore, 3-D Secure is very important for protecting online merchants from fraudulent payments.
However, it should be understood that 3-D Secure protects not so much from fraudulent payments themselves, but from financial losses associated with them. The complaint of the cardholder about an unauthorized withdrawal of money is still a complaint, even if the transaction has been successfully verified by 3-D Secure. Such complaints are not always unreasonable. Unfortunately, sometimes attackers gain access to verification codes and use them for their own selfish purposes. So, even if the online seller and their payment service provider are not affected financially, a large number of complaints can still spoil their relationship with the acquiring bank, all the way to disconnection from acquiring services.
When renting beGateway, use a comprehensive approach to protect your business and your online sellers’ businesses from fraudulent payments, and your risks will be significantly lower. As was already said, you can use the tools we offer to protect against fraud, or any third party instruments that we shall integrate for you.
Among other things, we offer all fraud protection tools as a separate module to your payment acceptance platform, without renting the white label payment gateway beGateway.