Payment Authentication: How to Verify Your Buyer’s Identity Before the Sale

David DeCorte | August 1, 2024 | 12 min read


In a Nutshell

This article looks at some strategies you can adopt to authenticate buyers and prevent payment fraud. We’ll discuss the importance of training employees to recognize potential signs of fraud, monitoring transaction patterns for suspicious activity, and employing a comprehensive strategy beyond just payment authentication.

How Does Payment Authentication Work? What Methods Can You Use To Validate Buyers?

Let’s say you’re trying to process a transaction at a brick-and-mortar store. There are some pretty basic ways to know if the customer on the other side of your checkout counter is actually the person they claim to be.

Chip readers and PIN codes can help authenticate the buyer. You can ask for additional validation, too, such as a driver’s license. Plus, if you receive a decline code, you can simply ask the customer to try a different payment method.

What about online transactions, though? You never come face-to-face with your customer. So, how do you know they’re not an impostor?

In this post, we’ll examine payment authentication best practices, and outline how you can validate buyers and recognize potential fraud with a high degree of accuracy.

What Is Payment Authentication?

Payment Authentication

[noun]/pā • muhnt • aa • then • tuh • kay • shn/

Payment authentication is the process of verifying the identity of the party on the other end of a transaction. This is done by merchants, who need to verify that their customers are authorized to use a specific payment card.

As the name implies, payment authentication most often refers to the process of verifying the identity of a customer during a payment card transaction. You check the information provided by the buyer against the info on file with the company that issued the card. If the information doesn’t match, you should check to make sure a cardholder’s account isn’t being used for unauthorized purchases.

Payment authentication lets you verify a buyer’s identity. You can ensure that only authorized individuals are using payment cards for purchases. This protects your business from potential losses due to fraud (and the resulting chargebacks).

In short: payment authentication offers you, and the financial institutions that work with you, some added security and peace of mind.

Did You Know?

Experts estimate that more than $1 trillion was lost to cybercrime in 2020; roughly 1% of global GDP that year.

How Does The Payment Authentication Process Work?

The buyer gives you their card info. You send it to the bank, and get a response. Simple enough, right?

The truth is that requesting and authenticating a payment is a pretty complex process, involving a bunch of different players. There’s your gateway provider, your processor, and your acquirer, plus the card network and the card issuer. It looks something like this:

Common Question

Are authentication and authorization the same thing?

No, authentication and authorization are different processes. Authentication verifies the identity of a user or cardholder. Authorization determines what resources an authenticated user is allowed to access, or what actions they can perform.

Let’s zoom in a little, though, and focus on the authentication part. Authentication technologies get deployed at several steps in the process. You and your processor will both probably deploy some fraud-detection tools, and so will the issuing bank. This redundancy makes it more likely that an anomaly will get spotted.

These are the three key strategies each party can deploy:

Anomaly Detection

Analyzing internal and external data points to produce a framework of “normal” activity, and gauging transaction data points against that benchmark.

Predictive Modeling

Using machine learning to analyze historical data points. This helps detect patterns of fraud and predict how likely a particular transaction is to be fraudulent.

Risk Scoring

Analyzing transactions based on factors like location, merchant type, and purchase amount. This information helps determine whether to approve a transaction.

What Payment Authentication Factors Can You Examine?

Most methods you can use to help authenticate customer payments fall into one of four categories:

Ownership

Ownership, or possession, is based on a physical object in the buyer’s possession. For example, entering a one-time code texted to their phone would demonstrate that the buyer possessed that phone.

Knowledge

This refers to information that only the cardholder should know. A PIN code, for example, or a personal password. It may also be the answer to a security question, such as the name of a pet or the maiden name of a relative.

Common Question

What is CHAP?

Challenge-Handshake Authentication Protocol, or CHAP, is a 3-way challenge-and-response verification tool. The protocol establishes a temporary token, or "handshake," between your site and the cardholder. The handshake can be periodically checked throughout the session for further security.

Inherence

Inherence doesn't test what a buyer knows. Instead, it tests something that a buyer inherently is. This often means biometric information, and could include a fingerprint, voice recognition, or face recognition.

Location

Data from the buyer’s GPS or IP address is compared against historical buying patterns. Significant variances, such as large orders from a different country, or mismatches between shipping and billing information, may indicate fraud.

What is Strong Customer Authentication?

Employing at least some type of payment authentication solution is highly recommended. In some cases, though, it might be a requirement.

More and more governments are trying to fight fraud by implementing strict mandates for buyer validation. The use of strong customer authentication (SCA), for example, is now a law in the European market.

SCA requires merchants to “double-down” on payment authentication during checkout. Verification by card number, address, and CVV is no longer enough. Transactions in the European Union or the United Kingdom now have to verify the buyer’s identity based on at least two factors.

These two-factor checks must be verified to the issuing bank’s satisfaction. If SCA standards are not met, or are not offset by transaction risk analysis, then the transaction will be declined.

What Tools Can I Use For Payment Authentication?

Different tools let you obtain authentication information in different ways. Here are a few of the most common, and most effective, tools for payment authentication:

CVV Code

If you're not requiring your customers to enter the CVV (Card Verification Value) code on all orders, you're ignoring a powerful (and free) authentication device. Having access to this 3- or 4-digit number means the buyer is likely in possession of the actual credit card. The CVV cannot be stored with other cardholder data: thieves cannot obtain that information through a data breach.

Address Verification

AVS (Address Verification Service) is used when you request authorization for a customer credit card purchase. It automatically checks the billing address submitted by the shopper against the cardholder's billing address on record at the issuing bank. You'll receive a code that indicates how much of the address matches, and can decide how to proceed from there.

3-D Secure

3-D Secure Version 2.0 and later (or just “3DS2”) checks an estimated 150 verification details automatically and in real time. Billing address, transaction history, device ID, geolocation, and more are compared to confirm a customer’s identity. Most 3-D Secure payment authentication is frictionless. And, unlike the original version, 3DS2 can be used for mobile payment authentication.

Tokenization

Payment card tokenization means that the cardholder’s primary account number is swapped for an algorithmically-generated token. This digital token represents information, but is meaningless by itself. Even if a fraudster manages to hack the transaction, no actual account details are exposed, meaning the data cannot be used for future fraud.

Fingerprinting

Any time a user visits your site, they leave behind hundreds of potential indicators. These include IP address, browser, time zone, operating system, and more. This combined data creates a type of digital “fingerprint” of users based on the device used to access the site. With device fingerprinting, you can block devices associated with known bad actors and use the data to fine-tune your prevention strategy.

Geolocation

Geolocation uses the Wi-Fi signals a device accessed to determine the geographic location of the shopper. Geolocation can’t authenticate the user’s actual identity, but it can supply clues. If a payer's card is registered in the US, for example, but the order is being sent from southeast Asia, it’s worth double-checking to ensure the transaction is legitimate.

Velocity Checks

When fraudsters identify a valid card number, they’ll typically run repeated transactions as quickly as possible. The goal is to buy as much as possible before being discovered. Velocity checks scan transaction variables such as name, shipping address, and order frequency, looking for repeated information or actions within a specified time period. Too many of the same orders could indicate fraud.
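A velocity check of the kind described above can be written as a sliding-window counter. The sketch below is an added example, not code from Chargebacks911 or any payment processor; the field names (`card_token`, `ship_to`), the 10-minute window, the limit of 3, and the sample orders are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def velocity_flags(transactions, keys=("card_token", "ship_to"),
                   window=timedelta(minutes=10), limit=3):
    """Return (txn_id, key, value, count) for every order that pushes the
    number of orders sharing one key value above `limit` inside `window`."""
    recent = defaultdict(deque)  # (key, value) -> timestamps still in window
    flags = []
    for txn in sorted(transactions, key=lambda t: t["ts"]):
        for key in keys:
            seen = recent[(key, txn[key])]
            seen.append(txn["ts"])
            # Drop timestamps that have aged out of the window.
            while txn["ts"] - seen[0] > window:
                seen.popleft()
            if len(seen) > limit:
                flags.append((txn["id"], key, txn[key], len(seen)))
    return flags

# Constructed sample orders (hypothetical tokens and addresses).
# Card tokens stand in for card numbers so no account number is handled here.
T0 = datetime(2024, 8, 1, 12, 0)

def _txn(txn_id, minute, card_token, ship_to):
    return {"id": txn_id, "ts": T0 + timedelta(minutes=minute),
            "card_token": card_token, "ship_to": ship_to}

SAMPLE = [
    _txn("t1", 0, "tok_A", "12 Oak St"),
    _txn("t2", 1, "tok_A", "12 Oak St"),
    _txn("t3", 2, "tok_A", "9 Elm Rd"),
    _txn("t4", 3, "tok_A", "9 Elm Rd"),   # 4th order on tok_A in 3 minutes
    _txn("t5", 5, "tok_B", "9 Elm Rd"),
    _txn("t6", 6, "tok_C", "9 Elm Rd"),   # 4th order to 9 Elm Rd, third card
    _txn("t7", 90, "tok_A", "12 Oak St"), # same card later: window has reset
]

if __name__ == "__main__":
    for flag in velocity_flags(SAMPLE):
        print(flag)
```

Counting per shipping address as well as per card catches the case where many different cards ship to one destination, which a per-card counter alone would miss. In practice addresses need normalizing before they are used as keys.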

Important!

There’s no “killer app” for fraud prevention. Payment authentication will require you to use multiple different tools. Then, with more redundancies in place, you can build a better profile of each buyer and engage in better, more accurate, and informed fraud decisioning.

Best Practices for Payment Authentication

Without good payment authentication practices, you’re leaving your business wide-open to fraud and chargebacks. At the same time, authentication methods must be both accurate and efficient, without causing friction at checkout.

Here are some authentication steps you can take to optimize effectiveness while providing a seamless customer experience:

#1  |  Use More Than One Authentication Tool

No single tool can be 100% effective, but a mix of multiple tactics can increase your success. You may have to experiment to find the right mix.

#2  |  Use the Most Comprehensive Data Available

The more data you can cross-reference, the more accurate you can be. Tap into the best data you can find, and use machine learning to constantly fine-tune results.

#3  |  Keep Up-to-Date Records

Your authentication tools are only as good as the information you have on file. Perform regular account checks to update expired card-on-file details.

#4  |  Train Your Staff to Recognize Potential Fraud

Your employees can help identify fraud if they know what to look for. Train your staff to recognize some common warning signs associated with fraud.

#5  |  Monitor Transactions

Keep an eye out for any suspicious activity or patterns. If something seems off, don't be afraid to reach out to the customer to try and validate the buyer.

#6  |  Employ a Larger Strategy

Payment authentication is a powerful fraud prevention tool, but it’s only one tactic and affects only one fraud risk. It won’t help against other issues, such as friendly fraud.

Need Help?

Like every other aspect of fraud prevention, payment authentication can be confusing. A good payment authentication solution can help, but it will still tie up resources. Instead of spending all your time and energy trying to untangle specific needs and regulations, most merchants find they can get a better ROI by working with professionals.

Looking for the most effective ways to prevent fraud and chargebacks while getting back to the business of running your company? Contact Chargebacks911® today to speak to one of our experts.

FAQs

What is payment authentication?

Payment authentication is the process of verifying the identity of the party on the other end of a transaction. This is done by merchants, who need to verify that their customers are authorized to use a specific payment card.

What is the difference between payment authorization and authentication?

Payment authorization is the process where a merchant obtains approval from a payment processor to complete a transaction, confirming that the customer's account has sufficient funds. In contrast, payment authentication focuses on verifying the identity of the user making the transaction, ensuring that the person is indeed the legitimate cardholder.

What are the three types of authentication?

The three types of authentication are something you know (like a password or PIN), something you have (such as a smart card or mobile device), and something you are (biometric data such as fingerprints or facial recognition). Each type provides a distinct layer of security, making it more difficult for unauthorized users to gain access to sensitive information or systems.

How do banks authenticate transactions?

Banks authenticate transactions through a combination of methods, including multi-factor authentication, where users must provide something they know (like a password), something they have (like a one-time code sent to their phone), or something they are (like biometric data). Additionally, banks monitor transaction patterns for unusual activity, flagging or verifying any transactions that deviate from a customer's typical behavior.

Which comes first: authentication or authorization?

Authentication comes first, as it verifies the identity of the user attempting to access a system or complete a transaction. Once authentication is successfully established, authorization follows to determine the user's permissions and whether they have the right to proceed with the requested action.

Author

David DeCorte

David DeCorte is the Content Manager at Chargebacks911. He is the primary editor of the Chargebacks911 blog, and also writes and edits much of the material published offsite by the company. His work has been featured in numerous industry publications including Mashable, Business2Community, Fintech Futures, and more.
