Security Best Practices: Built-In Fraud Prevention Tools
Warning: Failure to adequately implement fraud prevention tools could result in losses
for your company. Settings for standard account security tools must be properly
implemented. For questions or assistance establishing your fraud prevention settings,
please contact Authorize.Net Customer Support.
More information on AVS is available in the Address Verification Service help file located in
the Merchant Interface Online Help Files.
www.authorize.net
P.O. Box 8999, San Francisco, CA 94128-8999
Toll-free at 866-437-0491 E-mail: [email protected]
transaction according to your configured settings. Since the card code should only
be known to the person in possession of the physical credit card, these additional
numbers provide an extra measure of security against unauthorized credit card
transactions.
More information is available in the Card Code Verification help file located in the
Merchant Interface Online Help Files.
Password-Required Mode
Password-Required Mode is a required security setting for merchants who submit
transactions via AIM, SIM, or exclusively via Virtual Terminal or Batch Upload. When
placed in Password-Required Mode, the payment gateway requires an authentication
value for each transaction submitted for your payment gateway account. Any
transaction submitted without proper authentication will be rejected by the payment
gateway.
If you integrate to the payment gateway via a shopping cart or third party solution,
please contact your solution provider to confirm that you are passing your payment
gateway transaction key or fingerprint with every transaction.
More information is available in the Password-Required Mode help file located in the
Merchant Interface Online Help Files.
AFDS is an extremely affordable and easy-to-implement option to help prevent costly
transaction fraud from occurring on your account. You can sign up for AFDS through
the Merchant Interface or call Sales Support at 866-437-0476. For more information,
see the AFDS White Paper at http://www.authorizenet.com/files/fdswhitepaper.pdf
or the AFDS Case Study at http://www.authorizenet.com/files/CS_FDS_0305.pdf.
To learn more about the different levels of PCI compliance and about Trustwave’s
services, please see http://www.atwcorp.com/pciDataSecurityStandard.php.
If you are currently using WebLink to submit transactions to the payment gateway,
you are strongly encouraged to convert to AIM. For more information on AIM,
please see the Connection Methods Guide located at
http://www.authorize.net/files/connectionmethodsguide.pdf.
standards for submitting transactions to the payment gateway and allow you to
submit secure transactions without having to do a lot of development and integration
work yourself. View the list of Authorize.Net certified third-party solutions at
http://www.authorize.net/cscdir.
Regularly Change Your User Account Password and Secret Question and Answer
You can significantly strengthen your payment gateway user account security by
changing your password and secret question and answer at least every 45-60 days.
Both your password and your secret answer are used to safeguard your user account
and should NOT be shared with anyone.
For more information on password security, see our Password Policy White Paper at
http://www.authorize.net/resources/files/PasswordPolicy.pdf.
Because your API Login ID and Transaction Key are highly sensitive security values
that allow you to submit transactions to the payment gateway, they should not be
shared with anyone and should be stored securely. Your Transaction Key should be
changed regularly to further strengthen the security of your account.
If you have reason to believe that your API Login ID has been compromised, or you
suddenly experience an unusual amount of suspicious transaction activity, call
Customer Support at 877-447-3938 immediately to have it reset. You will need to
update your Web site integration with the new API Login ID immediately to avoid a
disruption in your transaction processing.
More information is available in the API Login ID and Transaction Key help file
located in the Merchant Interface Online Help Files.
You can automate this fraud prevention process by signing up for AFDS and
configuring the Shipping-Billing Mismatch Filter.
Monitor Your Transactions
Constant monitoring is the first step toward detecting suspicious transaction activity,
particularly if you accept international transactions. It is highly recommended
that you regularly review transactions, monitor unsettled transactions, and
void any suspicious transactions before your account’s daily transaction cut-off
time. Be especially aware if your account receives a higher-than-usual number
of transactions, transactions with random amounts ranging from one penny to
thousands of dollars, or transactions with differing billing and shipping addresses.
These types of transaction activity can be a signal that online credit card fraud is
being attempted against your account. If you suspect this is the case, place your
account in Test Mode or contact Customer Support for additional help.
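The three warning signs named above, written as a review pass over unsettled transactions. This is an added example, not Authorize.Net code; the record fields, the sample data and the thresholds are all assumptions to adapt to your own export.

```python
from collections import defaultdict

# Constructed sample of unsettled transactions; the field names are
# assumptions for this example, not an Authorize.Net export format.
SAMPLE = [
    {"id": "T1", "day": "2012-07-01", "cents": 2499,   "bill": "12 Oak St, 94128", "ship": "12 Oak St, 94128"},
    {"id": "T2", "day": "2012-07-01", "cents": 4500,   "bill": "9 Elm Ave, 10001", "ship": "9 elm ave,  10001"},
    {"id": "T3", "day": "2012-07-02", "cents": 1,      "bill": "1 Main St, 60601", "ship": "1 Main St, 60601"},
    {"id": "T4", "day": "2012-07-02", "cents": 250000, "bill": "1 Main St, 60601", "ship": "77 Dock Rd, 33101"},
    {"id": "T5", "day": "2012-07-02", "cents": 37,     "bill": "5 Pine Ct, 73301", "ship": "5 Pine Ct, 73301"},
    {"id": "T6", "day": "2012-07-02", "cents": 1999,   "bill": "8 Bay Dr, 98101",  "ship": "8 Bay Dr, 98101"},
]

def _norm(addr):
    """Compare addresses ignoring case and runs of whitespace."""
    return " ".join(addr.casefold().split())

def review(transactions, usual_per_day, spike_factor=2.0,
           tiny_cents=100, large_cents=100_000):
    """Return {warning_sign: sorted transaction ids} for manual review."""
    by_day = defaultdict(list)
    for t in transactions:
        by_day[t["day"]].append(t)

    flags = {"volume_spike": set(), "amount_spread": set(), "address_mismatch": set()}
    for day, txns in by_day.items():
        # Sign 1: higher-than-usual number of transactions in one day.
        if len(txns) > spike_factor * usual_per_day:
            flags["volume_spike"].update(t["id"] for t in txns)
        # Sign 2: the same day holds both penny-sized and very large amounts.
        tiny = [t for t in txns if t["cents"] < tiny_cents]
        large = [t for t in txns if t["cents"] >= large_cents]
        if tiny and large:
            flags["amount_spread"].update(t["id"] for t in tiny + large)
        # Sign 3: billing and shipping addresses differ.
        flags["address_mismatch"].update(
            t["id"] for t in txns if _norm(t["bill"]) != _norm(t["ship"]))
    return {sign: sorted(ids) for sign, ids in flags.items()}

if __name__ == "__main__":
    for sign, ids in review(SAMPLE, usual_per_day=1.5).items():
        print(f"{sign}: {', '.join(ids) or 'none'}")
```

Amounts are held in integer cents so the penny-level comparison is exact, and the flagged ids are candidates for manual review before the daily cut-off, not automatic voids.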
Install a Firewall
A firewall is a hardware or software solution that monitors the activity of external
connections (primarily the Internet) to an internal network of servers. Firewalls help
to eliminate unauthorized or unwanted external activity and safeguard your network
and connections from outside threats.
Avoid File Sharing
Share access to network drives and individual computers only with needed,
trustworthy users. Especially avoid sharing access to files that store passwords and
other confidential or sensitive information.
About Authorize.Net®
Authorize.Net, a CyberSource solution, provides secure, reliable, payment gateway
solutions that enable merchants to authorize, settle and manage electronic
transactions anytime, anywhere, via websites, retail, mail order/telephone order
(MOTO) call centers and on wireless devices. Authorize.Net is sold through an
extensive network of reseller partners and financial institutions that offer its
industry leading payment services to their merchant customers.
WP-SECBP-0712
© 2005, 2012 All Rights Reserved. Authorize.Net and related marks are trademarks of CyberSource Corporation, a Visa
company. All other trademarks are the property of their respective owners.