ETA Brief: Shopping Online Securely During COVID-19
In light of the COVID-19 public health emergency, ETA is creating materials to help consumers, merchants and payment professionals understand the ways the payments technology industry stands ready to assist.
The COVID-19 public health emergency has forced millions around the world to change their behavior in order to protect their communities, loved ones and themselves. Increasingly, consumers and businesses alike are relying on digital services to support their needs and help them maintain a sense of normalcy.
eCommerce is a valuable tool that allows consumers to reduce in-person activity. From online ordering to food delivery to subscription payments for entertainment services, consumers have options available at their fingertips to stay supplied and stay safe.
Consumers have been using eCommerce for decades, but how can they be assured that their data is secure? Payments technology companies – financial institutions, payment processors, technology companies, payments service providers – provide the infrastructure through which money can safely flow in eCommerce settings. Here’s what consumers need to know about eCommerce and payments security:
How are card payments accepted online?
Online payments are very similar to face-to-face card payments, with a few key differences. Like a face-to-face card transaction, when consumers buy something online from a store, payments companies instantly and securely transmit their data to financial institutions in order to authorize the movement of money from the consumer’s bank to the merchant’s bank. For face-to-face transactions at a store, merchants use terminals that are designed to transmit this data quickly and securely. It is the same online, except instead of using a terminal, merchants use a “payment gateway.” Payment gateways are online payment portals that are used to accept card details, transmit them securely and authorize transactions.
Merchants can use payment gateways to accept multiple types of payment: credit cards, debit cards, prepaid cards and mobile wallets like Apple Pay, Google Pay and PayPal.
Are online payments secure?
Yes! Payment gateways adhere to rigorous security compliance standards set by the Payment Card Industry Security Standards Council (PCI SSC). PCI compliance ensures that payments companies and merchants are safely transmitting consumer payment information including card numbers and security codes. eCommerce businesses big and small, and in all verticals from retail, to restaurants, to delivery and entertainment, comply with PCI standards because those standards protect their business, their ability to take cards and, most importantly, their customers’ information.
Payments companies also deploy advanced technologies that keep customer information safe. Tokenization, which is common in eCommerce environments and in-person EMV “chip” and mobile wallet transactions, removes sensitive information from a transaction. Tokenization replaces customer data with a unique identifier that cannot be mathematically reversed. In its simplest form, it works like a code substituting symbols for important information like a credit card number.
In a tokenized environment, because actual account numbers are replaced by tokens that cannot be tied back to the actual number, if a data breach occurs, the criminal only sees the tokenized code. That code is useless to them, because it cannot be used to generate a subsequent fraudulent transaction. It also allows merchants to safely and securely store payment information for repeat use online, maximizing convenience for consumers.
Payments companies also deploy artificial intelligence to protect transactions online. Artificial intelligence and machine-learning algorithms are used for real-time examination of each transaction for indicators of fraud, all in about one millisecond.
AI helps payments companies detect anomalies in behavior for a particular customer and their bank account. AI allows banks to flag a pending transaction and then follow up with the cardholder in real-time for further information about the transaction in question. This technology helps payments companies prevent fraud from happening online while keeping good transactions flowing.
And if consumers are nonetheless the victims of fraud, they can be confident they will still be protected. Above all, the payments industry is committed to protecting consumers. That’s why consumers are never liable when they are made victims of fraud online or offline. If a consumer believes they are the victim of fraud, they should immediately contact their credit card company.
How can I be mindful of security while shopping online?
It is a sad fact of life that fraudsters often look to exploit crises to defraud consumers. Recent reports have highlighted the use of COVID-19 related scams and phishing attacks to gain unauthorized access to consumer device. Whether in a global crisis or not, the payments industry is engaged in a 24/7 x 365 around-the-clock fight against fraudsters online and offline – some of those steps are highlighted above.
In these times, however, there are steps consumers can take to protect their own data from exploitation.
When in email, avoid opening emails or downloading attachments from unknown sources. Be sure not to click on links from these sources as well – these links are used to install malware on your device.
When in doubt, double-check by verifying unexpected attachments or links from known senders by contacting them some other way.
Fraudsters often use emergencies to provoke quick responses in potential victims. Be skeptical of emails written with a sense of urgency and ones that request an immediate response, and be vigilant for emails with poor design, grammar or spelling.
Make sure you double-check that an email’s “sender name” corresponds to the correct email address – fraudsters will often “spoof” names to gain your trust.
On the web, make sure login pages and payment pages online are encrypted with a valid digital certificate. You can easily know because these websites will have a green padlock displayed in the URL field and will begin with “https”.
For more information regarding COVID-19 online scams, we recommend this guide from Forbes.
The payments technology industry stands ready to assist consumers support their communities and themselves as they seek to limit the spread of COVID-19.