The UK is the third most popular market for online shopping, behind only the US and China, and has the most advanced e-commerce market in Europe.
Domestically, internet sales make up more than a quarter of all retail sales with a value of nearly £700bn.
That’s a lot of money exchanging hands online, which is why online payment security is such a big issue for e-commerce businesses to get a handle on.
Ensuring payment security online isn’t just a responsibility businesses have for their customers (who trust them with highly sensitive personal information). A failure in online payment security can also have real commercial consequences for the company.
The fight for online payment security typically exists in three arenas:
- Customer fraud
- Online payment security
- Compliance with laws and regulations
Fortunately, while securing online payments is a massive responsibility that can be daunting for many businesses, there are some simple steps any company can take to protect customers and ensure a secure environment for online payments.
In this article, online payment experts Handepay provide insight into how businesses can make online payments more secure.
Use 3D secure
3D secure (3-domain secure or payer authentication) adds additional verification stages to a transaction to prevent fraud online.
3D secure is a three-step process (because it involves three parties: the card issuer, the acquirer and the payment system).
The security works by sending customers an authentication or verification code on their smartphone when they try to make an online purchase.
Before the transaction is authorised, the customer must enter the number.
Use SSL certification to secure online payments (encryption)
Every website should have an SSL certificate, which can be bought when first buying the domain and setting up the site.
SSL is an encryption protocol that encrypts data sent through a website to ensure criminals can’t intercept it.
You can check whether your website (or any website) has a valid SSL certificate because a locked padlock symbol will appear next to the URL in the browser’s address bar.
Make sure your check-out requests the CVV number
This is pretty standard in online payments, but it does add an extra layer of protection for customers when paying online.
The CVV number is the three-digit code on the back of a debit card.
Your checkout process should require customers to enter this number when paying online, as it increases the likelihood that it’s not someone using stolen bank details.
Remaining PCI compliant
Payment Card Industry Data Security Standards are the industry guidelines for merchants, stating what steps should be taken when accepting online payments.
The guidelines state how businesses should set up their payment processes and checkout pages to make everything as secure as possible, including when merchant pages could be outsourced to a third party.
Remaining GDPR compliant
The General Data Protection Regulation (GDPR) has been in place for several years now and dictates what steps businesses should take to protect sensitive customer information – like their payment details.
This includes creating audit trails of data collection, where and how it’s stored, and measures taken to protect it.
It also outlines how quickly a company must notify a person whose personal information has been accessed without authorisation.
Failure to comply with GDPR carries a heavy financial penalty of up to £17.5m or 4% of annual global turnover (whichever is higher).
Choose a secure payment gateway
A payment gateway is something your business will need if it’s to take online payments – this is the portal a customer will use to enter their card details before paying.
As such, you should take every measure to ensure your payment gateway is secure and is – at a minimum – PCI Level 1 compliant.
A secure payment gateway is another layer of security for customers. It adds a level of encryption to the transaction and requests authorisation from the customer’s bank (or card issuer) to confirm the transaction is legitimate.
Strong Customer Authentication
Strong customer authentication is a relatively new security requirement in the Payment Services Directive (PSD2).
As part of strong customer authentication, banks will be forced to carry out extra checks to confirm a customer’s identity when making payments.
This will include asking for two forms of ID at the checkout (you might have heard of this referred to as two-factor authentication).
It will require customers to complete two of three tasks to confirm their identity. These are:
- Enter a password or PIN
- Enter a one-time passcode sent to their smartphone
- Use biometric data like a fingerprint or face scan
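As an added example (not Handepay’s code or anything from the original article), the following Python models the two-of-three rule: each check is mapped to its SCA category (knowledge, possession, inherence) and a payment is approved only when the checks that passed span two distinct categories, so a password plus a PIN does not count. The category mapping, the hashing scheme and the five-minute passcode lifetime are assumptions for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Factor(Enum):
    """The three SCA categories under PSD2."""
    KNOWLEDGE = "knowledge"    # something the customer knows (password, PIN)
    POSSESSION = "possession"  # something the customer has (phone receiving an OTP)
    INHERENCE = "inherence"    # something the customer is (fingerprint, face scan)


# Assumed mapping of the checks listed in the article to their SCA categories.
CHECK_CATEGORY = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "sms_otp": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face_scan": Factor.INHERENCE,
}


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash for a stored password/PIN (illustrative parameters)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def verify_knowledge(entered: str, salt: bytes, stored_hash: bytes) -> bool:
    """Knowledge factor: constant-time compare so timing leaks nothing."""
    return hmac.compare_digest(hash_secret(entered, salt), stored_hash)


def verify_otp(entered: str, issued: str, issued_at: float, now: float,
               ttl_s: int = 300) -> bool:
    """Possession factor: the passcode must match AND still be within its lifetime."""
    return now - issued_at <= ttl_s and hmac.compare_digest(entered, issued)


def sca_satisfied(passed_checks) -> bool:
    """True only when the passed checks cover at least two distinct categories.

    Two checks from the same category (e.g. password + PIN) do not satisfy SCA,
    and an unrecognised check is rejected rather than silently ignored."""
    categories = set()
    for check in passed_checks:
        if check not in CHECK_CATEGORY:
            raise ValueError(f"unknown authentication check: {check}")
        categories.add(CHECK_CATEGORY[check])
    return len(categories) >= 2
```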
Improving the online shopping experience with more robust security
As more customers become used to thinking online first when shopping, the need to improve online security will only grow.
Recent initiatives and security protocols, like strong customer authentication, are already being introduced to protect businesses and customers from the risks of online payment fraud.
As a business, there’s a big responsibility to provide a safe and secure online shopping environment so shoppers can browse and buy with confidence, safe in the knowledge their private payment details won’t be stolen.
Failure to live up to this responsibility could have severe commercial and reputational consequences from which a business might not recover.