Providing card and bill payment services for more than 25 years.

Find a store Customer Support 01606 566 600 01606 566 600
Published: 05/01/2019

4 types of card payment security you need to know

Product Information

If you take card payments or are interested in getting started, card payment security will play a big part in your business day to day.

Card acceptance is, after all, the transferring of money and data between two key parties – you and your customers.

That’s why all our payment solutions meet the latest PCI DSS compliance requirements and use the latest security features, so that you can process safe and secure payments.

So, let’s take a look at the different types of card payment security you need to know about.

1. Chip and PIN technology

Chip and PIN is the most common payment technology used in card machines, and was originally introduced into the UK in 2006 to combat card payment fraud.

Why? Well, before Chip and PIN, businesses took card payments using a magnetic swipe. You would swipe your customers’ card through the machine and then they would physically sign the receipt. You’d then check the signature against the one on the back of the card to verify the payment.

So, if you lost your card or had it stolen, there was very little protecting you from card payment fraud, as your signature could be easily forged to process payments.

Chip and PIN works quite differently. We’ve covered everything about Chip and PIN in our blog, but here’s a quick breakdown just to give you an idea:

  • Your customer puts their card into the machine
  • They’ll be asked to enter their 4-digit PIN code.
    • This is provided by their bank when they first get the card and they’ll have been encouraged to change this to be more personal and memorable, so it’s something only they know.
  • Once entered, the encrypted data is sent to the business’ merchant account.
    • This is a separate account, and it’s where all the transaction funds are checked to see if the customer has enough funds to pay before being authorised.
  • After the payment has been checked and approved, it goes straight into your business bank account, so you can access the money.

You don’t have to do anything for this to happen. It’s all done automatically in the background every time you take a payment, in a matter of seconds. So not only is the process much more secure than the old magnetic swipe method, but it’s a much faster way to pay too!

If you’re taking contactless payments, the transaction process works quite similarly but the customer won’t be required to enter their PIN code. You can read more on how contactless cards work here.

2. Address Verification System (AVS) and Card Verification Value (CVV) Checks

If you take phone payments from a customer through a card machine or a virtual terminal, you’ll have likely used one of these security checks before.

Address Verification System (known as AVS) asks you to provide your customers full billing address and matches the digits of the postcode given to the address stored with the cardholder’s bank.

Card Verification Value (also known as CVV or CV2) works by asking you to enter your customers’ card verification code (CVC) or card security code (CSC) to confirm their card details. The code is the 3-digit or 4-digit number normally found on the back of the card.

These checks are all done in real-time, so you’ll be able to see the results on the virtual terminal system. You can then approve the transaction.

If the checks come back as failed, they can be used as early indicators of card payment fraud, so you can decline any suspect transactions – keeping you and your customers safe.

3. 3D Secure Authentication

3D secure authentication or 3DS is an added layer of security to help prevent card payment fraud for online payments, and it’s backed by major card issuers like Mastercard and American Express.

Before your customers can pay for their online shopping, they’ll be redirected to their card providers 3D secure page.

There, they’ll be asked for their password which they will have already set-up with their bank, or they will need to enter an authentication code, which is sent to their mobile phone.

It’s a quick process and is all done by the customers’ card provider.

You can read more about what 3D secure authentication is in our blog.

4. PCI DSS Compliance

We might have put this one in last in our list, but it’s one of the most important when it comes to card payment security.

PCI DSS compliance (which stands for Payment Card Industry Data Security Standard) is a standard put in place to ensure that your business has the correct security controls to protect your customers when they pay by card.

This involves the storage, transmission and processing of your customers’ card details, so that you can ensure their data is safely protected.

It’s a mandatory requirement for any business that takes card payments. So, it doesn’t matter how big or small you are, or what card payment method you use, you’ll need your business to be PCI compliant.

If you’re not, not only will you put you and your customers at risk of a data breach, but you could face additional PCI charges every month.

For more detail on what PCI compliance is, be sure to check out our blog for more information.

How can I start taking secure card payments?

If you’re a business looking to take quick and secure card payments, we can help.

All our solutions use one or more of the above features when processing payments, and are connected to a secure merchant account which safely processes the payments outside of your business bank account. You can read more about what merchant accounts are here.

All of our payment processing solutions also come with the latest PCI DSS security. So, whether you want to take face-to-face payments, over the phone or online payments, you and your customers will be protected against card payment fraud.

To get your business fully PCI compliant, you’ll need to complete an online assessment, which can be up to 300 questions long, to ensure you have all the necessary controls in place to protect you and your customers.

We have a dedicated team to help you do this.

Share this page:
Vanessa Littler Digital Marketing Executive
Merchant standing at his till
Product Information

What is a merchant account

Find out everything you need to know about merchant service accounts.

Payzone card reader
Product Information

What is a card reader and how do they work

Find out everything you need to know about card readers...

Payzone PDQ machine
Product Information

What is a PDQ machine

What does PDQ stand for? PDQ stands for ‘Process Data Quickly’ and a PDQ machine is just another nam