Protecting Ecommerce
Merchant Accounts Explained
Criminals are constantly on a lookout for opportunities to breach the security mechanisms of eCommerce merchant accounts and steal cardholder account information.
Among their favorite targets are the eCommerce website's shopping cart and the payment gateway that connects it to the acquiring bank's processing system.
The fraudsters usually attack web-based merchants that use weak or generic passwords. Once they gain access to the merchant account, they start processing fraudulent debit and credit transactions.
The fraudulent sales are usually equal or similar in total amount to the deposited credits, thus offsetting them. This is done in an effort to avoid detection by deposit-volume monitoring.
Implementing the following procedures will help eCommerce merchants protect their payment processing accounts against criminals prowling the web.
Best Practices for Monitoring your ECommerce Merchant Account
Merchants should perform daily monitoring of authorizations and transactions. They should be on a lookout for:
* Authorization-only transactions. A higher-than-usual number of such transactions may be an indication that a criminal is performing a vulnerability test on your website.
* Higher than usual number, average size and volume of credit transactions. As explained above, credits may be used by fraudsters to offset debits in an effort to avoid detection.
* Identical or similar transaction amounts (see above paragraph).
* Transactions that do not include customer identification information.
* Multiple transactions from the same Internet Protocol (IP) address.
* Transactions with similar account numbers. Such accounts may have been generated by a software for generating fraudulent account numbers (e.g. CreditMaster).
* Multiple transactions on a single account within a short period of time. This is a typical sign of fraud where a criminal is attempting to run up as much charges as possible within the limited time he or she has before the stolen account is blocked.
Merchants should regularly monitor their daily batches.
* Web-based merchants should review their daily transactions before they are settled.
* Merchants using the Address Verification Service (AVS) and the Card Security Codes should be on a lookout for transactions that have been submitted without an AVS or a CVV2/CVC2 request.
For better protection eCommerce merchants should regularly change their payment processing gateway's password.
For best results you should use a combination of letters and numbers with at least six characters. Also your password should be different from your user name.
Article Source: http://EzineArticles.com/?expert=Joe_Cole
Ecommerce News
