Payment fraud affects eCommerce stores at far greater rates than physical stores, and the rate of eCommerce fraud is currently increasing each year.
eCommerce payment fraud also represents a decent chunk of online revenue:
Out of every $100 in turnover, fraudsters currently snatch 5.65 cents. (Source)
And overall, costs the eCommerce industry billions each year:
By 2018, [Aite Group] expects [card-not-present fraud] will reach $6.4 billion, more than three times the $2.1 billion in losses reported in 2011.
– Internet Retailer
For small eCommerce merchants, fraud can be a significant loss for their business, eating into profits while the business is vulnerable and trying to grow. So how can merchants combat card-not-present fraud?
Verification tools such as 3D Secure can help merchants improve the authenticity of online transactions, and today we’ll look at a plugin that helps WooCommerce and Gravity Forms merchants use 3D Secure.
For merchants running brick-and-mortar stores, card-present transactions provide a fairly dependable and low-risk way of collecting money. The collection of a signature or use of the chip-and-pin system for purchases provides a layer of verification for the merchant: the customer can’t just know the card number, they must have the card present to use it for a purchase via swipe or chip. Merchants can also choose to verify a purchaser’s identity further by checking a signature against a photo ID.
However, for eCommerce transactions (card-not-present-transactions), signature, swipe, and chip verification are not present, and thus payment fraud is far more likely for eCommerce merchants. Without these additional verification tools, eCommerce merchants are subject to higher instances of payment fraud and to fraudulent chargebacks.
To combat these costly issues, merchants can use 3D Secure to verify transactions before accepting them. 3D Secure is a program created by credit card brands, and it uses consumers’ previous data to verify transactions in the backend while processing payments. Further, it allows merchants to get verifications from purchasers for suspicious transactions by requiring a password or additional information that is checked with the card issuer (Mastercard / Visa) for authenticity.
Therefore, when 3D Secure is in use, it shifts the liability from fraud away from the merchant to the customer’s card issuer instead, helping merchants reduce fraud and also ensuring that they’re not liable for fraudulent transactions if they do occur (since the transaction was already authorized and verified).
3D Secure is not intended to make the transfer of payment details more secure; instead, it combats payment fraud by adding verification systems to eCommerce systems so that their fraud-resistance is closer to that of a card-present transaction.
As a merchant, if you find that you encounter significant fraud or chargebacks, you may want to look into using 3D Secure with your payment processor.
There is typically one hiccup when you look to enable 3D Secure for your WordPress-powered eCommerce store: not many payment gateway plugins support 3D Secure transaction processing. Because of this, you may not be able to enable 3D Secure for transactions without the help of a developer, which can be costly.
PAAY was founded in 2014 to help solve this problem. It gives you a processor-agnostic way to use 3D Secure with your eCommerce site.
For example, without PAAY, your process would look like this:
- Decide you want to use 3D Secure with your payment processor
- Check your platform integration (ie your WooCommerce or Easy Digital Downloads payment gateway plugin) to see if it supports 3D Secure.
- Chances are it does not, so you hire a developer to add 3D Secure support.
On top of this, every processor handles 3D Secure a bit differently, so it’s not very easy to develop (and probably also contributes to the reason that not many plugins support it).
With PAAY, the process to use 3D Secure is more like this:
- Ensure PAAY works with your payment processor
- Contact PAAY to create an account
- Connect your PAAY account to your processor and gateway using your gateway credentials so that 3D Secure is added into the payment flow
- Install a PAAY plugin and connect it to your PAAY account (as PAAY has recently developed a couple WordPress integration plugins)
PAAY works with most major gateways like First Data, Chase Paymentech, Moneris, Global Payments, and Wells Fargo Merchant Services, so you can use it to connect to these payment gateways instead of using a payment gateway extension.
When connected, PAAY authenticates all transactions via 3D Secure, not just high-risk transactions. This reduces fraud and also helps to protect against friendly fraud chargebacks.
However, this doesn’t look the way you think it does at checkout. Many merchants are hesitant to incorporate 3D Secure because they think the 3DS pop up will be shown at every checkout:
This isn’t quite the case with PAAY. Using the updated version of 3D Secure that works with risk-based authentication, the majority of eCommerce transactions don’t need additional verification, as the verification process happens transparently based on the customer’s previous spending patterns.
As a result, the traditional 3D Secure pop-up that prompts for additional verification won’t be shown most of the time; transactions are verified in a way that’s transparent to the customer, but still shifts liability for fraud.
However, you can enable the 3DS pop up for that small minority of situations that would require additional verification, or you can leave it disabled depending on your preference for risk and liability.
You’ll enter your PAAY merchant credentials, which you can get from your PAAY account.
Your PAAY account is also where you’ll connect to your payment processor and configure some settings for the PAAY checkout form.
Once you’ve entered your credentials, you can finish setting up the WooCommerce plugin settings:
- if you’d like, you can enable the additional verification modal for the minority of transactions that need it, or keep it disabled if you never want it shown and will assume the risk for those transactions yourself
choose whether you want to use a modal window (pop up box) for PAAY’s checkout, or redirect payment to a hosted payment page. Both of these checkout processes let you adjust the colors and form appearance for your brand (can be done in your PAAY account).
Once you save your settings, PAAY will be available as a checkout option on your site.
When used, it will either open a modal window for payment or redirect the customers to PAAY’s website for payment (like PayPal standard) depending on your settings.
This gives you a seamless checkout system that will authorize transactions transparently, display a verification modal if needed and enabled, and process payments through your merchant account with your processor.
The configuration and usage of the PAAY plugin for Gravity Forms is very similar to the WooCommerce plugin. When installed and activated, you’ll be able to configure PAAY settings to connect the plugin to your account.
This will allow you to use a checkout form powered by PAAY in your purchasing form, decreasing fraud while providing a built-in payment option.
While PAAY is a great tool for fraud prevention and liability reduction, it does remove your payment processing from your eCommerce platform by a step. Since it takes the place of your payment gateway integration plugin, you may lose out on some features.
For example, if you use Authorize.Net via your PAAY account for WooCommerce, you can’t use features offered by comparable WooCommerce Authorize.Net plugins, such as:
- choosing to authorize or charge payments at checkout
- capturing authorized transactions via your WooCommerce admin
- refunding charges via WooCommerce
- processing eCheck transactions
- using enhanced checkout forms
- supporting recurring billing with WooCommerce Subscriptions (CIM only)
or other features. The cost of improved fraud prevention is a tighter integration with the eCommerce platform. If you process recurring billing or use features specific to your eCommerce platform, then PAAY may not be an option for your store, as you’d lose out on these features by replacing your payment gateway with the PAAY connector.
PAAY helps merchants reduce fraud, liability, and chargebacks using 3D Secure. PAAY currently supports Verified by Visa and Mastercard Secure 3DS verification methods, while Amex Safekey verification via PAAY is rolling out in the US in October 2016.
PAAY will also update to support 3D Secure 2.0 when it rolls out next year, providing better and more consistent support for Visa, Mastercard, and American Express transactions.
While PAAY provides a useful tool for merchants to reduce fraud and chargeback liability, you should be aware of the tradeoffs of using PAAY: since your payment processor is connected to PAAY rather than directly to your store, you may not be able to leverage all features that you could use with a dedicated connector plugin for your gateway, such as Subscriptions support. You’ll need to evaluate these features vs your need for liability shift and fraud prevention to determine if PAAY is a good fit for your store.