Ensuring the Safety of Online Transactions

In recent years, in parallel with the increase in internet penetration, the area of e-commerce and online transactions has evolved drastically, providing opportunities to benefit both merchants and customers. 

Online transactions mean online financial transactions performed to purchase a product, a service, or anything else, where no cash is being used. Instead, electronic cards, such as debit or credit cards, prepaid cards, electronic wallets, and online payment services such as Pay-Pal, are used to pay the merchant the required amount. 

How do online transactions work? Who are the parties involved in making such transactions happen? 

Most of us have used electronic cards physically by purchasing from any regular store or electronically through an e-commerce website. 

The entire transaction seems simple; the merchant sets the required amount to pay, you give your card's details, then authorize the payment after entering the card's pin code or the Card Verification Code (CVS). Therefore, for a successful online transaction, 6 entities are involved in executing the following 7 steps:  

1. The consumer gives the electronic card or payment service details and clicks the buy button to launch the process 
2. The payment aggregator or payment gateway, or its online relevance, which is the Point of Sale, connects the online store to the payment processor. to ensures that the merchant will be able to receive the customers’ payments 
3. The payment processor manages the transaction process by transmitting information from the customer’s credit/debit card to his bank and the trader's bank.  It deals with issues like card limits, credit card validity, security, and availability of funds. 
4. The electronic card networks perform a check with the card-issuing bank to validate the card details and authenticate the transaction. 
5. The card-issuing bank authenticates the payment request and lets the electronic card network know that the payment is authenticated for the specified amount. 
6. The electronic card network confirms the card validity of the online payment to the payment gateway. 
7. The payment gateway informs the merchant of the validity of the transaction, so the customer is free to take the goods. While the money is received by the merchant’s acquiring bank. 

The entire process is mainly performed in less than 3 seconds and is meant to be for the safety and benefits of both the merchant and the consumer. Also, at no point, the payment aggregator/processor interacts directly with the consumer’s or the merchant’s money as this is the role of the banks. 

However, we need to be aware that performing online transactions, requires very high vigilance from us, due to the different types of risks and frauds committed to gain money by doing fraudulent online transactions.  

The famous type of online transaction fraud is called card-not-present fraud or CNP fraud, where your information can be obtained online, through hackers using insecure or fake websites & data breaches, and used to make purchases without needing the card to be physically with them. This type of fraud is in tremendous increase where the estimated amount lost has reached 470 million British Pounds in 2019 as per Statista. 

Preventing online transaction fraud:

Fighting online transaction fraud is a complex process and requires actions from both merchant and consumer such as ensuring and verifying the customers performing the transactions are who they claim to be, and these actions can significantly reduce card-not-present frauds. 

Merchants and the consumer can have a great role in fighting CNP by applying the following measures: 

• Gather customer-related information, from email, address, credit card information, billing address, information about the device used to log in, IP address, Phone Number, all these data can assist in validating your consumer ID and can be used to dispute a chargeback. 
• Data protection practices: protecting consumer data is merchants’ responsibility, hence abiding by the PCI Data Security standards, by using online security tools such as Secure Socket Layer SSL, in addition to encrypting all data especially the one shared between the website and the customers. 
• Look out for very small transactions, fraudsters might use stolen credit cards to test them prior to a higher amount transaction.  
• Apply extra authentication, consumer and merchant can apply extra authentication to better verify the identity of the person who is performing the transaction, by enabling multi-factor authentication or by enabling what is known as factor authentication, or by activating KYX tools like email, IP analysis, and fingerprint. 

Similar to any other type of fraud, the best way to defend and protect yourself and your family from online transaction frauds is to be vigilantly prepared and knowledgeable, and by applying the minimum-security measures such as: 

• Protecting your computer from viruses and Intruders, by installing and maintaining a reputable anti-malware. 
• Using a prepaid debit card for online payment, with a limited amount, or a third-party service such as pay-pal 
• Securing your account by activating multi-factor authentication. 
• Not storing your credit card information online. 
• Ensuring the websites that you are using to perform the online transaction are safe, secure, and have a valid SSL certificate. 
• Ensuring that you have your SMS notifications active to report any transaction performed using your cards or accounts. 
• Not using a single click pay, always use websites that request passwords to verify transactions. 
• Not performing an online transaction using public Wi-Fi or a computer. 
• Not responding to any suspicious email requesting your account details. 
• Using different accounts and passwords for your online services. 

By the end, and in case your online transactions were compromised and you were a victim of online frauds, immediately: 

• Report this incident to your bank and ask to deactivate your electronic card. 
• Report and inform the Merchant so they do not fall victim as well. 
• Report to the authorities to the Information technology unit at Ministry of Interior in Qatar, email: it@moi.gov.qa Phone number: 2342000 
• Change your account’s passwords