How Payment Gateways Protect Against Online Fraud

E-commerce involves “card not present” (CNP) transactions, which are transactions where the cardholder cannot physically present the card for a merchant’s visual examination at the time that an order is given and payment effected. Fraudsters target online businesses to take advantage of CNP transactions to make payments with stolen credit cards or to commit identity theft.   

Source: CyberSource

To help businesses protect themselves and their customers from online fraud, the Payment Card Industry Security Standards Council (PCI SSC) — a forum of global brands including Visa, MasterCard and American Express — has developed a set of best practices to safeguard consumer data. 

Complying with these standards, i.e. PCI compliance, is not optional for online retailers and is strictly enforced. FAC provides the following services that fall within the PCI standards to ensure your business and customers are protected against online fraud. 

Address Verification Service (AVS)  

When customers purchase items, they need to provide their billing address and ZIP code. An AVS will check if this address matches with what the card-issuing bank has on file. The payment gateway can send a request for user verification to the issuing bank. 

The AVS responds with a code that would help the merchant understand if the transaction has a full AVS match. With this service, merchants can automatically screen and process transactions through in real-time, empowering them to act immediately, if need be, to manage possible CNP fraud. 

If they don’t match, more investigation should be carried out by checking the CVV (Card Verification Value), email address, IP address on the transaction, or allow the merchant to decline the transaction. 

Card Verification Code (CVC) 

The CVC (or Card Verification Code) is the 3 or 4-digit security code that is on every credit card. PCI rules prevent merchants from storing the CVC along with the credit card number and card owner’s name, so it is virtually impossible for e-commerce fraudsters to obtain it unless they’ve stolen the physical credit card. FAC includes a tool to require CVC as part of their checkout templates.  

If an order is placed on your website and the CVC does not match, you should decline the transaction.   

Payer Authentication (3-D Secure) 

Payer authentication, also called Verified by Visa and MasterCard SecureCode, is a cardholder authentication measure that secures online transactions for customers.  

This method allows cardholders to create a PIN (secure code) that can be used during checkout to confirm the user’s identity. By implementing this, merchants are provided chargeback protection and often, lower interchange rates. 

The advantage of 3-D Secure is that the merchant can identify the enrolment status of the cardholder and their issuing bank prior to the payment authorization. This allows merchants to predetermine chargeback liability shift rights on the pending transaction before it is authorized and settled. 

Fraud Scoring Model 

Risk scoring tools are based on statistical models designed to recognize fraudulent transactions based on a number of rules. When a payment is made on your website, the tools will indicate the probability of the transaction being fraudulent. If a transaction has a high score – a high probability of being fraudulent – it is automatically rejected. 


Kount uses a global data network and advanced Artificial Intelligence (AI) to deliver quick and accurate identity trust decisions for safe payments, account creation and login events, while reducing digital fraud, chargebacks, false positives, and manual reviews. 

Kount’s Identity Trust Global Network uncovers the true level of trust behind interactions where other solutions often miss fraud, create false positives or have unnecessary friction due to limited datasets and lack of real-time AI. 

All of FAC’s e-commerce fraud and risk management solutions are available to merchants, banks and gateways, independent of card transaction/authorization.