Payment fraud has always been a large threat to anyone that deals with any sort of monetary transaction. With advanced payment technologies settling into the market, the standards for security are also rising fast. But while fintechs are developing more advanced payment options, fraudsters are not falling behind.
According to Juniper Research, between 2020 and 2025, e-commerce fraud losses in the world will see 18% growth. This year alone, global e-commerce businesses will have lost $20 billion to fraud.
The pandemic is one of the reasons for growing online payment fraud losses. Many merchants quickly moved their businesses online without taking proper security measures. But today, having a sophisticated security system is no longer considered an advantage. It’s something that clients expect every merchant to have in place.
Choosing a reliable payment infrastructure should be a top priority for every e-commerce company and service provider. Only payment solution providers with sophisticated security features can ensure a secure payment flow for merchants and their customers.
How does kevin. tackle security risks?
We consulted with our in-house security experts – CTO Vytautas Gimbutas and Lead Back End Developer Michail Ostryj – and discussed the most relevant threats that pose the highest risk for merchants and their clients. We picked each of the risks and explained how kevin. tackles these issues to ensure maximum security.
1. MitM attacks
A man-in-the-middle attack (MitM attack) is a type of cyberattack when an attacker impersonates someone else in order to commit fraud. For example, the criminal steals credit card details and makes a purchase in someone else’s name. Once the goods arrive, they request a chargeback. These attacks are a threat to both merchants and their clients. Merchants may send out goods to fraudsters without knowing that they’ve been involved in a MitM attack and never receive the payment.
Fraudsters may also fake notifications that merchants receive about a completed payment. Once the merchant receives such notification from their payment infrastructure provider, they send out the goods. Unfortunately, if the notification is fake, the payment will never reach the merchant and result in a revenue loss.
How can kevin. help?
With kevin.’s infrastructure, the client’s payment instantly reaches the merchant’s account. As a result, the merchant can promptly ship products or deliver services while remaining certain that money has been received. kevin. only sends payment confirmation notifications to merchants after the payment has been made and cannot be reversed.
Additionally, all the notifications that kevin. sends out to the merchants are signed with hash-based message authentication code (HMAC). HMAC signatures add an extra security layer that ensures kevin.’s communication to the merchants cannot be hacked or faked in any way. kevin.’s communication to the merchants aligns with all the industry security standards.
2. Card detail leaks
According to UK Finance, in 2020, 45% of all frauds in the UK involved credit or debit cards, which led to losses of more than £570 million. While the losses are 7% lower than in 2019 (mainly due to the pandemic), credit card fraud remains a massive issue, and companies are taking large measures to prevent it.
How can kevin. help?
kevin. offers a solution that completely eliminates the risk of card fraud. Account to Account (A2A) payments allow customers to pay directly from their bank account to the merchant’s account. A2A payments not only help against card fraud but also significantly reduce the transaction costs because they eliminate the unnecessary middlemen.
Whether your customers choose to pay by a card or bank, their details are secure with kevin.’s payment infrastructure. kevin. uses an advanced token management system that enables merchants to offer clients the possibility to save their payment details in a secure manner.
We have developed our own token system that resembles those used by the banks. Our system ensures the highest level of digital security. We issue merchants with our own tokens. Therefore, if tokens ever get in the hands of fraudsters, they will have no value to them.
3. Dealing with sensitive information
Merchants and their customers need to be sure that their data is stored securely. To ensure that, merchants should only choose to work with organisations that are secure or Payment Card Industry Data Security Standard (PCI DSS) compliant.
Partnering with a PCI DSS compliant payment infrastructure provider is beneficial for small and medium-sized businesses since they don’t need a Record of Compliance or an onsite audit by a Qualified Security Assessor (QSA). These merchants are usually not required to fill out an Attestation of Compliance.
How can kevin. help?
All the sensitive data is secure with kevin. and is stored in the Amazon Web Service (AWS) cloud, which is also used by the largest industry players such as Stripe, Barclays, Monzo, and others.
All the data that goes through kevin. is encrypted and cannot be hacked. kevin. uses a tokenization process that swaps sensitive data with non-sensitive data. This way, a card’s PAN is replaced with a unique set of numbers that, without access to kevin.’s system, will be useless to anyone if they could ever get their hands on it.
We also have a 24/7 system monitoring in place. In the event of any security breach, we’ll be alerted in real-time so we can stop any fraudulent activity before it causes any harm.
Payment fraud is and has always been a large threat to merchants. There are different ways for fraudsters to attack merchants, but a secure payment infrastructure can help reduce or even eliminate these risks.
Security is a top priority for kevin. We have installed various security measures to create the safest payment infrastructure. We also offer payment features such as account linking to ensure merchants can offer fraud-proof payment solutions to their customers.
kevin. uses advanced security features and tokens to protect sensitive data. If you’d like to learn more about any of our features, get in touch with us at firstname.lastname@example.org, and we’ll make sure to offer a secure payment infrastructure solution for your business.