By now, almost everybody has heard the funny but unprintable adage about what happens when one makes assumptions. That adage is meant to deter people from accepting “facts” at face value without investigating the truth behind them. When it comes to the payments space, the assumption that online payments are not as safe as physical transactions continues to cause confusion. The reality, however, is that online transactions are not only safer for customers to complete than their physical counterparts; new developments have made them safer than ever. Unraveling a few common misconceptions and misperceptions should make that crystal clear.
Misconception: Card numbers stolen online are more valuable to thieves than card numbers stolen from brick-and-mortar locations during physical transactions.
In an interview posted on his blog several years ago, security expert Brian Krebs of Krebs on Security noted that the opposite is true. In fact, he pointed out, online data breaches occur only 1/20th as frequently as breaches of bricks-and-mortar databases. This, he explained, is largely because data from physical credit cards is far easier to manipulate, sell, and use than its digital counterpart.
How is this possible? For one thing, it is easy for criminals to sell stolen physical cards in underground online “card shops.” According to Krebs, the physical cards, which can then be used to purchase goods in-store, bring a reward of 10 times the price of credit card information stolen from online merchants. Thieves can then take the stolen cards to stores, buy high-value items like electronics, and leave the store before anyone notices that something is not right.
Conversely, it is difficult for criminals to leverage card data that has been stolen online. First, they must find an online merchant whose policies allow for shipping goods to a different address than the one to which a credit or debit card is registered. Even if they are successful, they must identify a place from which to mail any stolen goods they intend to sell for a profit. The effort involved here gives purloined physical cards greater worth to thieves than information stolen online—making criminals more apt to stick with stealing them and less likely to engage in the theft of online card data.
Misconception: Security measures that apply to physical credit and debit cards are much more stringent than security measures that apply to online card data.
Again, reverse that thought. Employees of physical stores often make the mistake of failing to follow card security measures, like checking to see whether customers have signed the back of their card or requesting some type of identification to confirm that cards are being used by their rightful owner, not by a criminal.
Meanwhile, when purchases are executed online, checkout security features govern the process and safeguard the card data, significantly decreasing the likelihood of a breach. For example, online transaction data (i.e., card account numbers) is transmitted over Secure Sockets Layer (SSL) connections. This ensures that it is encrypted (unreadable by the human eye) and therefore protected against data breaches.
Misconception: There isn’t much else payment solutions and processing service providers can do to make online transactions safer.
Reputable payment processors like E-Complish follow regulations mandated by the Federal Trade Commission (FTC) to preserve the security of online data. They are also compliant with the Payment Card Industry Data Security Standard (PCI DSS), a stringent set of measures merchants, payment processors, and credit card service providers must exercise in order to preserve the security of consumers’ credit card information and prevent fraud.
New requirements add to the security of online transactions. For instance, the new California Consumer Privacy Act (CCPA) mandates that merchants “implement and maintain reasonable security procedures and practices” in safeguarding consumer data, including card data as it is being utilized online. California is only the first U.S. state to enact a law like the CCPA; legislators in other states are reportedly pursuing similar legislation. Federal privacy legislation is also reportedly in the works, according to organizations like the Council on Foreign Relations. Such legislation may bring to the table other requirements not contained within the CCPA and add more safeguards to online transactions.