Tick the box, protect the payment
One can buy and sell almost anything online today, even personal protective equipment and insurance – but eCommerce has its own set of risks and challenges. JACO DE KLERK investigates.
In the early days of the Internet, people had the idea that they could just put up a website and the profits would come pouring in. But as PayGate MD Peter Harvey says, they soon realised they would have to put in a lot more effort.
PayGate was established in 1999 with the intention of providing simple online payment solutions. “Our aim is not to help with search optimisation or create online shopping carts,” says Harvey, “but to make sure that when merchants have gone to the effort of securing an online sale, they will get paid.”
It was initially the norm for organisations to handle online payment processing in-house, even the 1990s. “They would spend millions on payment processing systems that merely linked online transactions directly to the banks,” says Harvey.
After the South African Reserve Bank set out certain requirements that these systems had to comply with, which MasterCard and Visa originally adopted, industry players were forced to follow suit. This put strain on many companies since online commerce wasn’t their core business.
“Even organisations that traditionally handled online payments in-house are now outsourcing these services to payment gateway systems,” says Harvey.
Companies that typically only had credit card payment facilities could now offer clients a variety of different payment options, making things easier and more convenient for them.
Another motivation for outsourcing online payment solutions is that the market has matured. “New companies that are starting to transact on the Internet shouldn’t even consider doing online transactions in-house,” says Harvey. “There are a lot of payment gateways out there, all offering a variety of products and services that will enable a business to get up and running quickly and easily.”
PayGate is one such company. “We’re a specialist online payment service provider,” says Harvey. “Our mission is to make it easy for people and businesses to pay and get paid online, in a secure and reliable environment.”
This means PayGate’s market is anyone who wants to process a transaction online. The company typically focuses on the tourism industry and airlines. But, as with physical commerce, virtual business has risks of its own – with online fraud being the biggest risk.
Statistics show that 80 percent of merchants are targeted at one time or another, with some being more vulnerable than others. To address this, PayGate introduced 3D Secure, an online PIN system originally implemented by Visa
and MasterCard, which is free to merchants and made active simply by ticking a box on a form.
Importantly, this system shifts fraud liability to the banks. “We were one of the first gateways in the country to implement 3D Secure in South Africa, starting in October 2006,” says Harvey. He admits that if anyone had asked him in November 2006 how successful the system would become, the answer wouldn’t have been too positive.
“With 3D Secure introducing a number of extra links in a payment chain that wasn’t too stable, there were a lot of issues and technical problems,” he says. “But it got better and better as it matured.”
How much better? In the early days, 60 percent of all 3D Secure transactions would fail or be abandoned. This dropped to about 35 percent in the middle of 2011.
This decreased even further, to less than 20 percent, when a one-time PIN function was introduced that some of the major banks are now using in conjunction with 3D Secure.
Harvey explains that when a card issued by a bank is used on the payment gateway, the programme sees it as a 3D Secure transaction and sends it to the bank for processing. The client will then receive an obscure password via SMS, which they then only have to insert once.
Passwords are needed for security reasons, but with all the scams out there, people are becoming more cautious about entering passwords online – but as Harvey says: “If you see a screen that has your bank’s details on it, and you receive the one-time PIN on your mobile phone, your level of trust increases.”
However, no system is absolutely foolproof – not even 3D Secure. No-one can rely on just one form of protection when it comes to online commerce. To this end, PayGate has a separate screening service called PayProtector, which looks for fraud and risk patterns.
This service offers an extra layer of protection and involves screening every transaction for certain fraud indicators. Harvey explains that most American banks, for example, aren’t enrolled in 3D Secure – which can put local online merchants at risk. If someone steals an American credit card and tries to buy something online from a merchant in South Africa, they won’t be prompted to enter a 3D Secure PIN.
To address this risk, PayProtector examines a card to see if it has ever been used fraudulently by screening the entire transaction. This involves checking such as telephone numbers, e-mail and IP addresses, cardholder names and PIN numbers. “PayProtector scans the card and determines if it is a potentially high-risk transaction or not,” says Harvey.
Suspicious transactions are blocked or flagged for review. This system is constantly improving since the company is learning more and more about fraud patterns every day. To date, it has reduced fraud associated with online airline transactions by nearly 90 percent.
There is a small cost, but the system is extremely economical when one compares the potential costs of loss through fraud.
“Payment processing doesn’t have to be difficult, but people seem to go out of their way to make it complicated,” says Harvey. “All we want to do is take money from the client and give it to the merchant in a safe and reliable manner.”