By Brad Barnes of 3Delta Systems, Tribute's Secure Payment Solutions Partner
Would you, as someone selling goods or a service, refuse to do business with someone because of what state they lived in?
Of course not.
But what if I told you that a credit card sale to a buyer in Oregon is many times riskier than in West Virginia? Or that a Florida sale is way riskier than a Wyoming one?
If knowing that charges from high-risk states are fraudulent three times as often as ones from low-risk states, does it make a difference to you? Should it make a difference to you?
That’s the interesting question that bubbles up based on a new chart from Experian that analyzes 2015 e-commerce attack rates by state and zip code. You can look at the data based on billing address — that’s the location of the individual victim of a fraudulent purchase — or on shipping address — which is the actual fraudster’s likely whereabouts. (Delaware appears to be the haven for fraudsters, with an attack rate of nearly 40 basis points. Oregon is not far behind, at about 34 basis points.)
Even if a merchant’s payment gateway allowed them to throw up added defenses if it identified high-risk states, it’s dubious the merchant would want to say no to that potential business. The fraud risk rate simply isn’t high enough to turn away a sale.
But if fraud rates climb to new levels, it’s possible this information could be used as a flag to more closely scrutinize a purchase as a riskier proposition. This is particularly true in the card-not-present world, where merchants and suppliers bear a larger share of the cost of a fraudulent transaction.
3Delta Systems provides secure payment gateways for suppliers and buyers, and we provide tokenization solutions to protect payment card and credit card data. That places us firmly in the role of merchant’s advocate, when it comes to data security, cybertheft protection and fraud.
Our advice for merchants is to start by lowering fraud on the front end. That means preventing the credit card data you handle from being stolen in the first place.
If you’re still storing credit card numbers, get them off of your system with a tokenization solution, like CardVault. In addition to giving the red-hand to cyberthieves, there are a host of other benefits, including simpler PCI compliance checkups and lower costs, over time, than in-house protection methods.
And if you're still transmitting data in the clear, stop. Move to an encryption solution to make your customers’ data — and your liability — less friendly to data thieves.
If all suppliers, merchants, sellers took these measures, fraud levels would plummet. And that would happen without the need for you to move your headquarters out of D.C. or saying no to any sales in Florida.
For more valuable articles on data security, check out 3Delta Systems' blog, Paying it Safe.
Tribute, Inc. partners with 3Delta Systems to offer a secure tokenization technology integrated with TrulinX and the Tribute Software System called CardVault® which lets businesses accept and process card payments while removing the risk of storing card information on internal systems. As a result, moving your card data "out of scope" lessens the risk of a data breach, and promotes faster and easier PCI compliance and cuts costs. Tribute customers can contact Jeff Waite (x225) at Tribute, Inc. for more information.