You are here: News / Comment: Online retailers - How to build 'trust' online
Comment: Online retailers - How to build 'trust' online
Archived article dated Thursday February 26th 2009
The biggest unknown in e-commerce is trust - between customer and merchant, and vice-versa.
By Alessandro Hatami
The customer parts with card details, trusting the merchant to take the funds and dispatch the goods promptly. For its part, the merchant trusts that the customer is indeed the authorised card holder. When fraud does occur, however, it causes tremendous upset for merchant and customer alike. The merchants do, in the main, view fraud as someone else's problem: according to a survey of smaller online retailers we commissioned over the summer, over eighty per cent of respondents said either banks, payment companies or card issuers should deal with it.This, sadly, is not the case. If a customer experiences fraud on a particular site, they are unlikely to return. Perhaps for this reason, consumers still overwhelmingly gravitate towards the bigger online retail names, putting lesser-known names at a disadvantage. It is, however, possible to turn back this tide, building trust with customers and protecting the business from excessive fraud claims. The keys to online trust are to be found in the payment platform which handles the money.
Doing the detective work
First, let us dispel a myth: eradicating fraud altogether is impossible. Luckily, a great deal of it leaves telltale signs, which one can discern quite easily. For example a simple check involves ensuring a match with the CVV (cardholder verification value) code printed above the signature strip on the card. This ensures that the buyer is actually holding the card. Discrepancies between the cardholder's address and the dispatch order for the goods, is another key indicator. One can take this one step further, by cross-checking the geographic location of the customer's computer IP address and matching this with the card's country of issue. These are just a few of dozens of different checks and tests that can be performed. Yet in an environment where one might be processing hundreds, if not thousands of transactions every day, it is simply not practical to check each one manually. The online payment system needs to be able to carry out many of these checks automatically, and produce a live assessment of each transaction, ideally before the funds change hands.
This real-time insight is vital: if a transaction that had been accepted is later declared as fraudulent, the burden of proof lies on the merchant to prove its legitimacy. So, any detective work which can be done before payment is actually made will help retailers drastically reduce their exposure. To contain the damage caused by the few instances of fraud that do slip through the net, retailers need to be ready to defend their due diligence to the card issuers. The 'Chargeback' mechanism used by card issuers to recover losses due to fraud requires the retailer to show that all reasonable checks were carried out at the time of sale. To fail to provide detailed, documented evidence is to elicit the suspicions of the card companies. Persistent offenders risk being 'blacklisted' - suspended altogether from accepting card payments.
Setting the standards for payment protection?
In response to ballooning levels of fraud across the globe, card issuers are developing standards and technologies to prevent card data theft, and create more barriers for counterfeiters. Two initiatives in particular stand out: the Payment Card Industry Data Security Standard (PCI DSS) and 3D Secure. Both should be viewed as de facto requirements for any e-commerce site, but neither is particularly straightforward to implement unaided. Using an externally hosted payment platform which already supports these capabilities, does, however, make the merchant compliant by default. In other words, outsourcing the payment platform can do the job of compliance for you.
PCI DSS sets stringent technical requirements for ensuring cardholder data is encrypted and stored in highly secure systems, to minimise any possibility of it being stolen. It has been mandatory for all retailers since June 2008, but securing compliance is no easy feat. This is especially the case for online retailers: the standard is particularly exacting when it comes to the security of online payment applications.
The second of these industry initiatives is 3D Secure, better known by its brand names, Verified by Visa and Mastercard Securecode. This adds an extra layer of authentication to the payment process by prompting the cardholder to enter a secret PIN code before the transaction is finalised. Since the code is supposed to be known only to the cardholder, it offers a solid liability shield for the merchant. If they can show a disputed transaction was 3D Secure approved, they won't in most cases be liable for a penny.
Building trust with the customers
Using payment technology to manage fraud risks and limit liabilities is all well and good. The final piece of the puzzle lies in demonstrating this trustworthiness to customers themselves. According to our survey, over ninety per cent of online shoppers look out for at least three different online security features, such as the padlock icon in the browser tray, or a 'Verified by Visa' logo, before clicking 'pay'. However, we also found that four in five would 'trust' a site that was clear and easy to use - regardless of its security features. Clearly displaying these hallmarks - and those of the payment provider used, will do much to allay consumers' concerns over security and fraud.
By way of a final note, it is worth bearing in mind that in today's tightening economic climate, consumers may be drawn more than ever to sites with offers that could be, quite literally, too good to be true. People need to stay on their guard against criminals - and the retail sector as a whole has a role to play in educating the public to be on their guard.
Alessandro Hatami is managing director of PayPoint.net
Tagged as: online fraud | epay |
Share this article:
Should your colleagues be reading the Retail Bulletin?
Let them know about us.
