Top secrets of online payments

Father

The e-commerce market is living through a crisis, and one of the key tasks for successful "survival" right now is tuning every "cog" in the mechanism of your site. One of these "cogs" is the service for accepting online payments on the site. Set up correctly, it can be a success factor; set up incorrectly, it can lead to serious problems. In this installment, the first in a series of “9 Secrets of Online Payments”, featuring eight years of experience from the carders team, we will share the rules for setting up the 3-D Secure protocol to successfully process payments on your site for carding and cashout valid CCs.

Content:
Part 1. Setting up 3D Secure
Part 2. Recurring payments
Part 3. The page for choosing a payment method
Part 4. Payment form
Part 5. Mobile payments
Part 6. One-click payment
Part 7. Fraud monitoring system
Part 8. Refunds and how to avoid them
Part 9. Payment service settings for the type of business

Part 1. Setting up 3D Secure

A brief excursion into the history of the issue
The 3-D Secure (3DS) protocol was created by the international payment system Visa (the Verified by Visa program). 3DS is also supported by the world's other key payment systems: MasterCard (SecureCode) and JCB International (J/Secure).
The main task of 3DS is to protect payers and businesses from fraudsters. Support for the 3DS protocol practically eliminates the risk of fraudulent transactions using a bank card, as it is another way to confirm the identity of the payer.
Why is 3-D Secure called that? Three domains (3D) are involved in payment processing using the 3DS protocol, on which transactions (payment transactions with bank cards) are created and verified: the acquirer's domain, the issuer's domain and the interaction domain.

How does it work?
80% of bank cards are subscribed to the 3-D Secure protocol. More than 300 million people shop online. This means that more than 250 million have gone through the payment authorization process using 3DS at least once. How does this happen from the payer's point of view?
A person places an order on the website, clicks "Pay" and, having completed the payment form, goes to the page located on the domain of the issuing bank (the bank that issued the card) to enter a unique verification code.
In most cases the code arrives by SMS; sometimes other mechanisms are used (a set of codes on the card, obtaining the code from the bank by phone, etc.). All the payer needs to do is enter the code in the appropriate field and complete the payment procedure.
From the point of view of an online store, it's not that simple. Not all bank cards are subscribed to 3DS: a number of banks simply do not support the protocol, and in some banks the decision to connect to the 3DS authorization service is left to the payer. Such cards make up about 20%. Worldwide, more than 1000 million cards have been issued, one and a half cards per person. Of course, it should be borne in mind that people who make purchases on the Internet try to protect themselves, and cards without 3DS are mainly issued as part of salary, pension, and scholarship projects.
But, nevertheless, in the audience of each commercial site there are clients with cards that are not subscribed to 3DS (their share depends on the type of business of the company, the geography of its work, and other factors). You need to make a decision on how to work with these clients, how to set up the 3-D Secure protocol.
This is where the online store faces the issue of security and the need for risk assessment. Approving every transaction indiscriminately is a risky step: you can "run into" scammers, get chargebacks and lose a significant part of your profit. On the other hand, declining payments on cards that are not subscribed to 3DS means losing loyal customers and your own profit.

The trade-off between security and conversion
Setting up 3D-Secure on a website is a delicate matter. It requires an understanding of the level of risks in the segment of the Internet business in which the company operates.

There are three main types of settings for the 3DS protocol:
  1. Minimal 3DS;
  2. Full 3DS;
  3. Two-stage 3DS.

We will tell you more about configuring the 3-D Secure protocol below. Note that from here on we are talking about accepting payments by cards subscribed to Verified by Visa or MasterCard SecureCode.

Full 3DS
Full 3DS is a basic 3DS protocol setting recommended by international payment systems. This setting minimizes the risk of fraudulent transactions and, accordingly, the likelihood of chargebacks and financial risks for the company.
How does it work? Very simply: payments are approved only after authorization using the 3DS protocol. This applies to all cards without exception; all transactions are processed using the 3DS protocol.
If 3DS verification on the issuer's side does not work or the card is not subscribed to 3DS, the transaction will go through only with the issuer's consent, otherwise it will be rejected.
This protocol setting complies with international security standards and minimizes the risk of fraudulent transactions. As part of our basic box-based payment solution Pay-Start (the solution is developed for sites with a turnover of up to 30 thousand rubles per day), only the basic, Full, setting of the 3DS protocol is used. This provides small companies with almost complete security when accepting payments. The payment service is responsible for the security of payments and will never recommend the client to "put himself at risk" of fraudsters.
However, in the case of large businesses, the issue of increasing conversions becomes so critical that it can force the entrepreneur to make concessions regarding safety. In this situation, some or all bank card payments are processed without verification using 3DS. This concerns the minimum and two-step protocol settings.

Minimum 3DS
The minimum settings of the 3DS protocol check the cards that are subscribed to 3DS and let the rest through without 3DS verification (more precisely, with verification, but using other security tools, the so-called security filters).

So, when choosing the minimum 3DS settings:
  • If the card is not subscribed to 3DS, the transaction goes without 3DS.
  • If the card is subscribed to the Verified by Visa or Mastercard SecureCode program, the transaction goes through 3DS.
  • If for some reason the 3DS check on the side of the issuer (the bank that issued the card) does not work, the decision on the fate of the transaction is made in accordance with a predetermined algorithm.

Two stage 3DS
This 3DS protocol setting is similar to the minimal one, but it has one significant difference. In this case, all requests for approval of transactions are sent to the issuing bank using the 3DS protocol. And the issuing bank decides on the possibility of a transaction if the payer's card is not subscribed to the 3DS protocol. If the bank rejects the transaction, it is sent for verification again, but not using the 3DS protocol.
You can go further and choose one of three possible options, fine-tuning 3-D Secure even more closely to the type of business and the geography of the countries in which the company operates. For example, you can enable 3DS for certain countries or a given type of card, or make it depend on various payment parameters such as the amount, the payer's geography, etc.
It should be noted once again that the minimum and two-stage 3DS, if used unprofessionally, can increase the risk of fraudulent transactions and, accordingly, financial losses. In general, setting up 3DS is not a toy at all.
Before changing the protocol settings, a joint analysis of the audience and the specifics of the company's business is carried out (the average level of risk across this segment, the geography of payment acceptance, the size of the average check, etc.). The analysis is carried out by specialists of the payment service with the participation of representatives of the client's company. Based on the results of the analysis, recommendations are provided on the possibility of changing the settings and the associated risk level. The final decision is made by the client, as he takes responsibility for the possibility of fraudulent transactions. It should be noted that changes are most often implemented only if there are no serious fears of fraud.
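The three settings described above, expressed as merchant-side routing logic so the conversion and risk consequences of each can be compared on the same traffic. This is an added example, not code from the original article or from any payment provider; the filter score and its threshold, the `outage_policy` switch and the sample payments are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    FULL = "full"
    MINIMAL = "minimal"
    TWO_STAGE = "two_stage"


class Enrollment(Enum):
    ENROLLED = "enrolled"          # card is subscribed to 3DS
    NOT_ENROLLED = "not_enrolled"  # card is not subscribed to 3DS
    UNAVAILABLE = "unavailable"    # issuer-side 3DS check is not working


@dataclass(frozen=True)
class Payment:
    enrollment: Enrollment
    challenge_passed: bool  # payer entered the right code (enrolled cards only)
    issuer_consents: bool   # issuer approves although no 3DS check completed
    filter_score: float     # hypothetical fraud-filter score: 0 clean, 1 fraud


@dataclass(frozen=True)
class Outcome:
    approved: bool
    path: str     # "3ds", "issuer", "filters" or "reject"
    risk_on: str  # who carries fraud losses: "issuer" or "merchant"


FILTER_THRESHOLD = 0.5  # assumed cut-off for the security filters


def _filters(p: Payment) -> Outcome:
    # Transactions decided without 3DS stay at the merchant's risk.
    return Outcome(p.filter_score < FILTER_THRESHOLD, "filters", "merchant")


def route(mode: Mode, p: Payment, outage_policy: str = "filters") -> Outcome:
    """Decide one payment under the given 3DS setting."""
    # Subscribed cards go through 3DS in every mode.
    if p.enrollment is Enrollment.ENROLLED:
        return Outcome(p.challenge_passed, "3ds", "issuer")

    if mode is Mode.FULL:
        # No 3DS check possible: approve only with the issuer's consent.
        return Outcome(p.issuer_consents, "issuer", "issuer")

    if mode is Mode.MINIMAL:
        # Issuer outage follows a predetermined algorithm (assumed here:
        # either reject outright or fall back to the filters).
        if p.enrollment is Enrollment.UNAVAILABLE and outage_policy == "reject":
            return Outcome(False, "reject", "merchant")
        return _filters(p)

    # TWO_STAGE: stage 1 asks the issuer via 3DS; a refusal triggers
    # stage 2, a re-check outside 3DS by the fraud filters.
    if p.issuer_consents:
        return Outcome(True, "issuer", "issuer")
    return _filters(p)


def summarize(mode: Mode, payments, outage_policy: str = "filters"):
    """Return (approved count, approved count carried at merchant risk)."""
    outcomes = [route(mode, p, outage_policy) for p in payments]
    approved = [o for o in outcomes if o.approved]
    return len(approved), sum(o.risk_on == "merchant" for o in approved)


# Constructed sample traffic, not real data.
SAMPLE = [
    Payment(Enrollment.ENROLLED, True, False, 0.1),
    Payment(Enrollment.ENROLLED, False, False, 0.1),
    Payment(Enrollment.NOT_ENROLLED, False, False, 0.1),
    Payment(Enrollment.NOT_ENROLLED, False, True, 0.2),
    Payment(Enrollment.NOT_ENROLLED, False, False, 0.9),
    Payment(Enrollment.UNAVAILABLE, False, False, 0.1),
]

if __name__ == "__main__":
    for mode in Mode:
        ok, at_risk = summarize(mode, SAMPLE)
        print(f"{mode.value:9s} approved={ok}/{len(SAMPLE)} merchant_risk={at_risk}")
```

On this sample, Full 3DS approves the fewest payments but leaves none at the merchant's risk, while the other two settings approve more and move part of the approved volume onto the merchant.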

What to do?
This raises the question, what is the more convenient, profitable and safer scheme for an online store or another service that accepts payments online?
The only weakness of Full 3DS is obvious: payments with cards that are not subscribed to 3DS (in some country there are about 20% of them and their number is constantly decreasing) will be rejected. Such cards are usually issued by banks outside the TOP-50, often regional ones. The main advantage is almost complete security: in accordance with the rules established by international payment systems, the issuing bank (the bank that issued the card) is responsible for transactions processed using the 3DS protocol.
By choosing a two-stage or minimal 3DS, the online store assumes the risks associated with the possibility of fraud (fraudulent transactions). However, with professional risk analysis, fine tuning of the fraud monitoring system on the side of the payment partner, the share of successful transactions increases noticeably, sometimes by tens of percent.

From theory to practice
Consider the case of one client, an airline ticket agency. The company's turnover in 2013 amounted to $ 4.5 billion, and today the company boasts one and a half million passengers served.
In March 2014, the company faced a problem: authorization of buyers using the 3-D Secure protocol provided a high degree of protection, but the company needed to increase the conversion in payments, since only 79% of transactions were approved.
At that time, two-stage payment authorization was used. The first stage of authorization was carried out using the 3D-Secure protocol. If the payment was made from a card that was not subscribed to 3DS, at the second stage of authorization, the check was performed by the fraudulent transactions monitoring system (it will be described in more detail in the following articles) based on the settings of its filters.
After analyzing the audience of buyers, the core of which was made up, the specialists together with a consultant decided to change the security settings for payments made by cards issued. For such payment transactions, authorization via the 3DS protocol was disabled. They were checked by the fraudulent transactions monitoring system, each of whose 154 filters was configured in accordance with the specifics of the business. For other types of transactions, 3DS authorization continued to be applied.
The result was not long in coming: within six months, the conversion "skyrocketed" to 91%, and continued to grow.
At the same time, the number of "clean" transactions rejected by the monitoring system for this period can be counted on one hand - and all of them were subsequently identified and carried out manually. And thanks to the professionalism of the specialists involved in configuring the 3DS protocol, the changes did not affect the security level.
In the next issue, we will tell you how to tie a client to your service using regular payments: what they are, what questions you may have at the connection stage and payers may have while using them, and what kind of “profit” awaits as a result. If you want to connect and set up payments, experts will help you with this.

Part 2: recurring payments
It doesn't matter what you sell online: today it is "good form" to accept payments by bank cards. However, depending on the type of business that you run on the Internet, you can not only follow the rules, but also set up payment acceptance as efficiently as possible and "squeeze" the maximum profit from your site.
In today's issue, the second in the series "Top Secrets of Online Payments for carding", we will tell you why recurring payments, also called "auto payments" and "regular payments", are so important for any online business, how users perceive them, how to get users interested in them, and how to use them to keep a client on your site. This series is dedicated to the step-by-step setup of payments on the website and in mobile applications, and contains eight years of experience of the carders team, which connected payment for more than 1,000 online stores and services.
From the buyer's point of view, auto payment is an opportunity to save time. A user who chooses a certain service on your site will only need to enter the card data once and can forget about the need to visit your site every month, select this service and enter the card data again for the next payment. By providing the client with the opportunity to activate "auto payment", you will save him from the risk of being left without access to your service at the most inopportune moment (and yourself from losing the client).

How it works:
  • When paying for the service for the first time, the user registers on your website and enters his bank card details as in a regular purchase: the name and surname of the card holder, number, expiration date, CVV / CVC code.
  • In the course of payment, he confirms that he wants to "subscribe" to the service and agrees to a periodic write-off of the subscription fee.
  • The customer's bank card is linked to the user's account in your system.
  • Information about payment in encrypted form is partially stored on the side of the acquiring bank, partially on the side of the payment service provider. Payment data is completely safe: the company selling the service does not have access to them. And even on the secure servers of the bank and the payment service provider, different parts of the data are stored, which are "collected" only at the time of debiting.
  • After the expiration of the paid period, the amount necessary for the renewal of the subscription is automatically debited from the "linked" card.
  • At the time the funds are debited, the bank card data is “collected” from parts stored on the side of the acquiring bank and cardable merchant and sent as payment.
  • Write-offs are made until the payer "unsubscribes" from the service.

Who needs it?
In our practice, regular payments are most often used by Internet providers and other telecom market players. But in general, auto payment as a payment service is vital for all companies selling services that users periodically renew:
  • Internet service providers.
  • Housing and communal services companies.
  • Fixed and mobile providers.
  • Online software stores.
  • Online Games.
  • Social networks.
  • Educational portals.
  • Resources providing paid statuses to users.
  • Internet cinemas.
  • Online services for small entrepreneurs.
  • And many others.

Even if you are selling products, this payment tool can be useful. For example, if a customer buys contact lenses from you on a monthly basis, they can be offered an auto payment - for the monthly payment of an identical order and its delivery.

Application of "auto payment" in your practice
The competent use of this tool helps to optimize a number of business processes and achieve very important results:
  • Automatically collect payments for the renewal of the service subscription, without burdening the company's specialists with tracking and controlling the renewal.
  • Reduce the rate of refusals after the first month (or other paid period) of using the service.
  • Simplify the process of controlling payments and planning income.
  • Reduce the share of refusals due to errors at the stage of ordering and paying for it (the order is placed and paid only once).

How to motivate the payer to "stick" to you?
The convenience of using auto payment when paying, for example, for the Internet or mobile communication, is clear for both the seller and the payer. However, if you sell access to services (for example, dating sites) or content (online cinemas, etc.), things are not so obvious.
In this case, you can offer the user the option to authorize his card (link it) and get a month of free access to your resource. If the user does not like the service, he can unsubscribe before the next month. But if you provide quality services, your client will have time to evaluate them in a month and is unlikely to want to refuse to renew the subscription.
There are many ways to get customers to use Auto Pay. Every business has its own specifics - and no one knows your customers better than you. Think, perhaps, connecting "auto payment" will allow you to significantly increase the company's income, and make the use of your service more convenient for users.

Please keep calm!
Money is very “personal”. The payer is worried about the safety of his funds even with a one-time payment, let alone multiple write-offs. Therefore, it is necessary to tell the client subscribing for auto payment in as much detail as possible about:
  • What is auto payment, what are its limitations.
  • How such a service is activated.
  • How the funds are debited.
  • How to opt out of the automatic payment service.
  • And even - how to get your funds back.

An example of informing clients is an instruction on the use of auto payment, implemented by one carder.
Depending on the specifics of your business, you can notify customers on a monthly basis about the date and amount of the next write-off - or opt out of notification.
Separately, it should be noted that automatic debiting of funds cannot be performed if there are no funds on the card. In the absence of funds on the bank card at the time of debiting the funds, auto payment is not disabled. The next attempt to write off funds occurs on the same date, but already in the next calendar month. In the event of a card re-issue, it is necessary to inform the client about the need to link a new card to the account.
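The debit rules in the paragraph above (a failed debit does not disable auto payment, the next attempt falls on the same date in the next calendar month, and a re-issued card must be linked again), as a small billing-cycle routine. This is an added example, not code from the original article or any payment service; the result codes `ok`, `insufficient_funds` and `card_reissued` are hypothetical, and clamping a day such as the 31st to the end of a shorter month is an assumption.

```python
import calendar
from dataclasses import dataclass, field
from datetime import date


def same_day_next_month(anchor_day: int, current: date) -> date:
    """Same calendar day in the month after `current`.

    The original anchor day is kept, so a subscription started on the
    31st is charged on 28 Feb and returns to 31 Mar instead of drifting.
    """
    if current.month == 12:
        year, month = current.year + 1, 1
    else:
        year, month = current.year, current.month + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(anchor_day, last_day))


@dataclass
class Subscription:
    anchor_day: int            # day of month of the first payment
    next_attempt: date
    active: bool = True        # False only after the payer unsubscribes
    needs_relink: bool = False
    log: list = field(default_factory=list)


def process(sub: Subscription, today: date, result: str) -> str:
    """Apply one gateway result (hypothetical codes) to the subscription."""
    if not sub.active or sub.needs_relink or today < sub.next_attempt:
        return "skipped"

    if result == "card_reissued":
        # The stored card no longer works: stop debiting and ask the
        # client to link the new card to the account.
        sub.needs_relink = True
        sub.log.append((today, "notify client: link new card"))
        return "relink_required"

    if result == "ok":
        sub.log.append((today, "charged"))
        status = "charged"
    elif result == "insufficient_funds":
        # Auto payment stays enabled; only the attempt date moves on.
        sub.log.append((today, "failed: no funds"))
        status = "retry_next_month"
    else:
        raise ValueError(f"unknown result code: {result}")

    sub.next_attempt = same_day_next_month(sub.anchor_day, today)
    return status


def unsubscribe(sub: Subscription) -> None:
    """Debits continue until the payer unsubscribes."""
    sub.active = False


if __name__ == "__main__":
    # Constructed scenario: subscription anchored on the 31st.
    s = Subscription(anchor_day=31, next_attempt=date(2025, 1, 31))
    print(process(s, date(2025, 1, 31), "insufficient_funds"), s.next_attempt)
    print(process(s, date(2025, 2, 28), "ok"), s.next_attempt)
    print(process(s, date(2025, 3, 31), "card_reissued"), s.needs_relink)
```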

Practice
Let's look at how Microsoft uses the Auto Pay service using the example of buying Microsoft Office. It is important to start working with possible objections of potential payers at the stage of product selection. That is why already at the stage of comparing packages, Microsoft tells the buyer not about the purchase, but about the subscription: this is how the user gets used to the wording “subscription”, which implies periodic payments.
After the visitor goes to the page of a specific product, he is offered two options for purchasing software: "for 1 year with automatic renewal" and "for 1 month with automatic renewal". No purchase, just a subscription with an emphasis on auto-renewal. Thus, in the first step, the user gets used to the subscription, and in the second, he resigns himself to automatic renewal.
When proceeding to pay for the order, the user is again informed that he is buying software with automatic renewal (that is, with automatic debiting of funds for paying for it - without human intervention). This attention to detail allows Microsoft to reduce the rejection rate at the stage of card linking and payment, as well as reduce the flow of negativity from inattentive customers who make a purchase without paying attention to information.
After entering the bank card details and authorizing it, the buyer is taken to the purchase completion page. On this page, he learns about the conditions for using "auto payment":
In addition, he learns that auto payment will be activated at the time of payment. Also, even before paying, he is invited to familiarize himself with the official terms of use and sale of the purchased software, including the terms of payment. And only after that the purchase is completed, auto payment is activated, and the client and his card are “tied” to the seller.
The same Microsoft used an excellent working case to increase the "stickiness" of clients. The user was offered a free month of using any Office suite, but to gain access it was necessary to go through the same card authorization procedure and agree to a "subscription" and auto payment, but in a month. During this time, the user gets used to the service and calmly accepts subsequent charges for using the software. This scheme is easy to adapt to almost all types of companies listed in the "Who needs it" section.

In the next article, we will tell you about setting up the page for choosing a payment method, namely: whether you need to connect all possible payment instruments or should you limit yourself to the "necessary minimum", and also figure out who pays with what and why on the Internet. Stay tuned for new articles in the series on our carding forum. And if you need to organize acceptance of payments on your website or in a mobile application, we will select a high-quality payment solution that suits your type of business.

Part 3: the page for choosing a payment method
Today, the number of online payment methods on the Internet has exceeded a hundred: bank cards, e-wallets, mobile accounts, terminals, Internet banking - and that's not all. This latest installment of the series, from a company that provides services for integrating various payment methods into websites and mobile applications, will help you answer two key questions: "What?" (what methods of payment do your customers need) and "How?" (how to help a client choose a payment instrument without difficulties and problems).

Let's start with the fact that there is not, and cannot be, a single ideal list of payment instruments for all sites. The list of payment methods is formed depending on several key factors:
  • Average check size.
  • Business geography.
  • Goods or services.
  • Habits of customers (buyers).

Now we will consider the impact of these criteria on the formation of an optimal set of payment instruments.

Average check size
This is perhaps the most important criterion for choosing a set of payment instruments. Large payments are made online in two main ways - by credit card and using internet banking.
For a small check, you should include e-wallets and payments from mobile phone bills in your payment arsenal. It is worth noting that many electronic wallets today (in Runet - Yandex.Money and QIWI) issue bank cards associated with the wallet. This additional service turns the wallet user into a bank card holder.

Business geography
Companies that work with an international or overseas client audience need to pay attention to this point first. For them, it is mandatory to connect to the acceptance of payments by bank cards of international payment systems that are not common in some country: American Express, JCB, Diners Club, UnionPay. It will be useful to connect such a universal payment instrument as PayPal (although, according to user reviews, this is still difficult).

Products or services
Selling goods differs critically from selling services in one respect: its most popular payment instrument is cash on delivery. From 40% to 90% of buyers pay for goods in cash (depending on the level of trust in the store, the cost of the goods, the geography of delivery). It should be noted that there are practically no micropayments in the product sector of Internet business, which means that there is no noticeable need for the corresponding payment instruments.
In the case of the sale of services, all payments are made via the Internet, and here it is necessary to provide customers with a complete, but not overloaded list of payment methods. Think about how it is convenient to pay for your minimum check (possibly SMS payment) and maximum check (what types of bank cards are needed).

Customer habits
Don't forget your customers' shopping habits. For example, if you are selling software, your customers will probably want to pay for their purchase using WebMoney. And if you are selling a subscription to a game, do not forget about payment from a mobile account. Look at your site through the eyes of a client, draw his "portrait", detail his financial habits and create the most comfortable conditions for the buyer to part with money in your favor.

What's more important
Depending on the average check and segment (goods or services), payment instruments can be distributed according to the level of importance for certain categories of online stores and online services.
Next, we will give you some tips that will help you make the page for choosing a payment method as efficient as possible. And, of course, we will analyze practical cases taken from the practice of real Internet shops on the Runet.

First advice. Do not follow the logic "The more the better"
In most cases, only a couple of payment instruments are in real demand (see Table 1). The largest selection of payment methods is provided to their customers by coupon services, online software stores, (city) ticket offices and government services. In the vast majority of cases, 2-3 payment instruments will account for 99% of online payments. Do not forget that most buyers prefer to pay in cash on delivery for large physical goods in order to check the quality of the goods before buying.
Below is an example of a redundant list of payment instruments. Despite the appeal “Please choose a convenient payment method for your order”, there is no “smell” of user friendliness here. The list is overloaded with payment options, additional information about the commission. Probably, the ranking of the priority of payment methods was also not carried out.
To increase the convenience of the page, it is worth highlighting the priority tools and collapsing the homogeneous ones into a drop-down list (for example, "Money transfer - select"). Additional information on the commission should be removed or converted into the final cost (without forcing the user to independently calculate the difference between the items "commission 2-3%" and "commission 1-2%"). The usefulness of the information about the commission is doubtful, since the indicated ranges do not add specifics but only bewilder: "commission 4-20%", "commission 3-15%".

Second advice. Structure payment methods
If you provide your customers with a wide range of payment instruments, create a separate section for bank cards, a separate section for electronic money, and a separate section for payments via mobile operators. Visualize payment methods with icons and logos. In large volumes of text, attention is scattered, sometimes it is difficult to understand how they differ. It is better to immediately recalculate all discounts and commissions into the final amount of the order (and do not forget about the rules which prohibit charging more money for payment with a bank card than for any other payment method). Below is an example of the incorrect structure of the page for choosing a payment method.
All payment methods are dumped into one field, there is no division into types of payment methods (card, terminal, SMS, electronic wallet). There is another set of payment instruments hidden under the Show other payment methods link. There is no need to force the client to independently orientate in all the variety of the presented payment methods. Provide him with a clear structure with a logical division.
This online store shows the buyer three simple groups of payment instruments: "Cash", "Bank", "Electronic money". Of course, the division is not generally accepted (the concept of "Bank" often includes Internet banking, and not payment by credit card), but the desire to make the choice of a payment method as simple and convenient as possible is clearly visible. Another plus is the automatically calculated purchase price for each payment instrument. The buyer does not need to count himself and he is certainly grateful for that.

Third advice. Don't scare the client with terminology
Your customer is not required to be familiar with the terminology common in the Internet business environment. Separately, it should be noted that even payment service providers, not to mention stores, often use completely different terms to denote certain phenomena of "payment reality". Speak with clients in their language, and get rid of rejections at the stage of choosing a payment method and at the stage of payment, additional burden on the call center and other consequences of misunderstanding.
In the following example of incorrect use of the terms, the customer is presented with a choice of “payment method” and “payment method”. To the user, this looks like a repetition, a tautology, an error, and, finally, confusion.
In the first case the online store offers the buyer (!) the choice of which payment service will process his payment. Only in the second case does the buyer choose which payment method will be used to make the payment: by card or from an electronic wallet.

Fourth advice. Don't leave your work to the client
Often, online stores that accept payments through several payment services (aggregators, payment service providers, acquiring banks) invite customers to choose for themselves “through whom to pay”. To a typical payer, all payment services look alike, and most likely he is hearing about both of them for the first time. The payer does not understand why a second payment aggregator is offered for making a bank card payment.
Distribute payment traffic between aggregators yourself. Do not force the payer to guess blindly. It is better to offer the client a choice of bank card type. A more logical implementation of the choice of a processing center is shown in Figure 6, where payment with a Sberbank card through an acquiring bank is selected by default. Since Sberbank cards account for more than 60% of payments in Runet, this choice is justified. If the payer pays with a card of another bank, he can change the processing center. Although, again, nobody has canceled the routing of payments.

Fifth advice. Don't overload the checkout page with unnecessary links
The buyer should not be distracted by unnecessary information and leave the page for choosing a payment instrument. This breaks the conversion chain and negatively affects the share of successfully paid orders. The following is an illustrative example of correcting such an error.
That's all. In the next part, "9 Secrets of Online Payments", we will tell you what every owner of an online store that accepts online bank card payments needs to pay attention to. And if you need to set up accepting payments on the website / in the mobile application or get expert advice, we will find a suitable solution.

Part 4: the correct payment form is the key to successful payment
The payment form is the final step when making an online payment, and nothing should prevent the buyer from taking this step. In the new issue of the series "9 Secrets of Online Payments", we will tell you what a payment form on a commercial website should look like so that nothing interferes with the client's successful payment.
The payment page is critical. It is the “end station” for customers who shop on your site. This is the place where the user enters his bank card details and makes the final decision to part with the money earned "by sweat and blood". Here the site visitor becomes a customer that brings the company money.
Based on the results of seven years of work in the e-commerce market and on the experience of hundreds of clients, the specialists who organize online payments identified seven key points that every owner of an online store that accepts online bank card payments needs to pay attention to.

1. Trust and security
The page with the payment form must be generated individually for each payment. User data must be reliably protected from intruders and transmitted to the acquiring bank in encrypted form using the TLS (Transport Layer Security) cryptographic protocol. Payment security must be confirmed by a PCI DSS (Payment Card Industry Data Security Standard) certificate. And most importantly, the payer should know that his money is safe. Whenever a customer's billing and personal information is involved in the checkout process, remember to demonstrate all the precautions you and your payment partner take to keep them safe.
In a survey conducted by Econsultancy, it was found that 58% of respondents interrupted checkout due to concerns about the security of payments. Only use the services of payment providers that have a TLS (Transport Layer Security) certificate. The certificate is used to ensure a secure connection and to encrypt bank card information. In addition, payment processing on your site must comply with PCI Security Standards Council (PCI SSC) standards. A PCI DSS certificate confirms that payment processing is carried out in accordance with international security standards established for companies that store, transmit or process payment data.
Be sure to show the users the PCI DSS certificate, Verified By VISA, MasterCard Secure Code, etc. badges, as shown below using the example of the payment form of the Liters online store.

2. Get rid of distractions
The checkout page is the last step a customer takes on your site, and in our era of clip thinking and total lack of concentration, it is necessary to eliminate all factors that can distract the customer from completing the purchase. This means that you should not post any promotional materials on the checkout and payment pages, under any circumstances.
At this stage, the main goal is to accurately "bring" the client to the payment. An example is the registration page for the "Budist" service. The service focuses the attention of users on the form by removing the top menu from this page and leaving only the most necessary motivating information. Each field is accompanied by a hint - why the service needs this or that data.

3. Request only information you really need
Nothing hurts a conversion like having to fill out a form with information that is not needed to complete a purchase. A long list of fields to fill out becomes an obstacle course for payers, which only hinders them. The payment should not look like a hurdle race to the payer. For your customers, the payment process is a sprint, and you must help the customer complete it quickly and effortlessly.
According to Forrester, 11% of users abandoned a purchase just because they did not want to register or because they were asked for too much information. A payment form made in the form of a bank card perfectly copes with the task of simplifying the process and minimizing the amount of required data. Even an inexperienced payer can intuitively guess which field needs to be filled in.
If any additional information is critical for you, make sure you explain to the client why you are requesting it.

4. Allow customers to easily correct their mistakes
Everyone understands that people tend to make mistakes. Sometimes they skip the postcode field or forget to insert the "@" into the email address. Your job is to point out the error and help the user fix it.
On some sites, the error message appears at the top of the page, but people don't realize that they have to scroll all the way to the top to figure out what went wrong. Ideally, the error message should appear in the area where the error occurred.
Another useful tip: it is much easier for people to continue paying in case of an error if you automatically save all the correctly entered information on the form. So the user will need to re-enter the data only in the field where the error was made. In the illustration below, you will see that the standard PayOnline payment form does not delete the data that has already been entered, and the error messages that describe them are clearly highlighted in red.
There is nothing more annoying for a user, especially if he fills out a long form, than re-entering all the data. According to a study by Invesp, the problem of customer loss due to incorrect display of error messages when filling out forms is among the top ten "conversion killers" during payment.

5. Let customers pay for purchases without registration
Do I need to force the user to remember one more username and password? Unlikely. Do not create another obstacle in the customer's path to payment. Forcing users to register for an account on your site is too intrusive, especially for first-time purchasers. Mandatory registration is another winner of the conversion killer rating.
A usability study by Smashing Magazine found that the main reason for users' dislike of registering accounts is the anticipation of unwanted spam. The study also notes that many customers do not understand why they have to register in an online store to buy something, while in offline stores no one requires them to register when buying. Another disadvantage of registration is that it adds several additional fields to fill out, which delays the checkout process and negatively affects conversions. To make life easier for customers and increase the likelihood of a favorable outcome, it is necessary to minimize the customer's time to place an order and request only the necessary minimum information from him.
For example, the online store "Bayon" does not require the client to "register"; it asks him to introduce himself. For this it lets the client choose the most convenient way of getting acquainted - using a social network, phone or e-mail. In addition, the registration form consists of only two fields, which cannot but please the client.

6. Don't "redirect" buyers
You've put in a lot of effort to get customers to your site. Why send them to another site for payment? If you can't control the design of the payment page of a third-party service, your customers may get the feeling that they are paying a company other than the one from which they are buying the product or service.
Today, commercial sites can integrate a payment form directly into a page of their own site using an iframe. This keeps customer distrust to a minimum: there are no unexpected redirects to frighten them, and the identical look of the registration page and the payment form is “reassuring”. This is how we implemented the integration of the payment form into the payment page of client, the ad exchange.
Checkout and payment are the last steps your customers take when buying, which is why you need your customer to see your business name on these pages.

7. Stick to a consistent design style
From a branding standpoint, you should make all the elements of your site as visually identical as possible. This means that you need to use the same colors, fonts, design elements. These requirements apply to the design of your payment instrument selection page and checkout page, as well as to other pages on your site.
By maintaining the visual identity of all the elements on your site, you can also increase your brand awareness among buyers. Of course, payment service providers are ready to provide you with ready-made payment pages designed to maximize your payment conversions. But if you have the resources for this, you should take care of adapting the form to the unique style of your online store. And given the variety of online fraud types and scary stories associated with it, it is not surprising that users are skeptical about the difference in the design of the payment page and the design of the website of the online store where they made a purchase.
To avoid misunderstandings and fears on the part of buyers, use an identical design for all pages of your site, especially the checkout and payment pages, as MTT has done. It should be noted that the change in the design of the payment page does not affect its security, only the "cover" changes.
In this example, you can observe a visual identity in which the payment page is fully consistent with the design of the site, even with respect to the characteristic design elements, including fonts, colors, "buttons", shapes and even the corporate identity.
Convenience and safety are users' basic requirements for the payment page. In the next part of the series "9 Secrets of Online Payments", we will tell you what opportunities mobile users give to e-commerce market players and what you need to know in order not to lose potential customers from the fastest growing segment. And if you want to set up accepting online payments on the website or in the mobile application, feel free to contact the experts, who will advise you on any questions.

Part 5: mobile payments
A PayPal study showed that mobile payments are gaining popularity: 19% of users make payments online from tablets, another 32% - from smartphones. In the world, 38% of mobile devices were used to pay online, and 5% of Internet users pay online only from a smartphone or tablet. The love for mobile payments is more pronounced among the younger generation - 61% of respondents aged 18 to 34 have already made payments on the Web from their smartphones and other mobile gadgets. Mobile payment applications are also popular - 43% of respondents installed them on their devices. In the fifth part of the series "9 Secrets of Online Payments", containing eight years of experience of the carders team, we will tell you about how to interact with the mobile audience, how it has changed in recent years and, of course, we will tell you how to effectively accept payments.
According to a 2021 study by PayPal, the growth of the audience of online payers is now due to new Internet users (+ 55% per year), consumers over the age of 55 (+ 17%) and residents of the provinces (+ 13%). The world has passed a critical point in the development of electronic and mobile commerce. While someone is thinking whether it is necessary to develop a mobile solution for their business, buyers go further: 79% of respondents believe that in the future it will become customary to use mobile devices to pay for purchases in regular stores, 63% - that we will pay using wearable devices. These ideas will become a reality in the coming years.
According in the first quarter of 2021, 19.3% of online payments were made from mobile devices, 59% of them - from devices on the iOS platform. The share of payments from mobile devices increased in 2021 compared to 2020 by 157% and amounted to 19.3% of the total volume of payments made through the electronic payment system.
Unfortunately, the trend of shopping via mobile devices on the Internet has been caught by only a few sites.
In most cases, it is very difficult, if not impossible, to make purchases using mobile devices on a site designed for desktops. Product photos do not open properly, design elements are too small, it is difficult to get to the buttons "select size", "specify quantity", and worst of all, the button "pay". After all, it is payment that is the final and key step on the way to turning a website visitor into a buyer.
Many problems also arise with a payment form that is not adapted for mobile devices: fields for entering details do not fit on the screen of a mobile device, the page with the form takes too long to load, and the security of the payment is questioned. Not surprisingly, many potential buyers who wanted to "quickly" buy something from a smartphone are abandoning this idea.

What can be done to simplify the payment process for mobile users and not lose profit?
First of all, you need to give the client the opportunity to freely use the online service using a mobile device, that is, a tablet or smartphone (sometimes new generation TVs with Internet access are added to this group, but so far their share in the sales volume is extremely small, although it shows high growth dynamics). This can be done using a mobile site or applications for popular mobile platforms (iOS, Android, Windows). The transition to the mobile version or to the application should take place at the moment when the user tries to enter the site from a mobile device.
What to choose - a mobile version of the site or a mobile application - everyone decides for himself. Each of the options has its pros and cons: for example, applications are often more convenient, they make it possible to access the user's personal information (contacts, photos, etc.), but it is much more difficult to achieve installation of the application than to attract an audience to the mobile version of the site. But the application allows you to keep the attracted audience - and settle in a mobile device, "communicating" with the user using push notifications.
This raises the question of payment systems - how will the user pay for purchases? With mobile versions, everything is obvious - when a mobile device is detected, the user is automatically redirected to the mobile version of the site, and for payment - to the mobile version of the payment form. But when setting up payment acceptance, there are a number of aspects that you need to pay attention to.

Choose wisely: no need to overpay for accepting payments
The native payment services offered by the iOS and Android platforms charge the app owner a very high fee for processing payments: from 20% to 40%. This commission rate closes the mobile sales channel for low- and medium-margin businesses. Therefore, the first tip is to study the market and find a suitable payment solution.
In the cardable market, only a few independent payment services offer competitive payment processing fees to mobile application owners. Unfortunately, not everyone knows about this opportunity, and many build in the platform's "native" payment system, subsequently facing prohibitively high tariffs.
There are many nuances regarding payment systems in applications: a lot depends on what is sold (real goods or attributes of the game world, such as coins, armor, weapons), in which country the application is published, what is the turnover in it. For “imaginary” artifacts and premium access, only the internal currency of the mobile platform is often used, and it is prohibited to accept payments through third-party systems. If we are talking about physical goods (clothes, air travel, cinema tickets), then there are much more opportunities for integrating third-party processing with favorable tariffs.

The payment page must be an organic part of the application
As for the payment page itself, it is important to adhere to a single design corresponding to the application. The easiest and safest way to integrate payment acceptance in the application is to customize the payment form for mobile devices and integrate it through the built-in browser. It is also possible to implement a payment form directly into the application, but this significantly increases the level of risks, which means that it leads to an increase in commission.
The design of the payment form, customized for the rest of the screens of the application, is positively perceived by the buyer: he is calm and knows that he is still in the same application where he placed the order.

It is necessary to take into account the differences between mobile devices and desktops
The developer must understand not only the psychology, but also the physiology of the buyer: when a person holds a smartphone in one hand, it should be convenient for him to operate with just one thumb.
Payment form fields should be shortened and simplified as much as possible; this applies to both the mobile site and the application. You need to request only the data that is really necessary for the payment. Reduce manual typing of numbers and letters to a minimum - typing on the keyboard of a mobile device is not very convenient, and there is a high chance of making a typo or suffering from autocorrect replacements. Whenever possible, use drop-down lists that can be conveniently "scrolled" with one finger on the touch screen.

Do not overload
The speed of page loading in a mobile browser plays an important role. If the payment page turns out to be too "heavy", the user may not wait for its full load and leave for another resource.
But, at the same time, on the payment form, the user should see information about the order. It often happens that when paying for a purchase (especially an expensive one, such as an air flight, for example), already at the payment stage, the buyer wants to check the order details again. In the case of plane tickets, it can be time, airport, date of flight. To reduce the number of bounces from the payment form, it is recommended to put all important information on the payment page without overloading it.

Provide the buyer with the necessary information
Do not forget to inform the buyer about the stage of payment processing, as the process of verification and authorization of the payment takes time.
This way, the user will not have the feeling that his device is frozen or “something went wrong” and the payment has not been completed.
If an error occurs during payment, inform the buyer about its reasons, whether it is an incorrectly filled out payment form, lack of funds on the card, or any other problem. In addition, it is also advisable to recommend ways to solve it - choose another payment instrument, try to pay later, contact the support service.

Safety information is important
Today, almost every smartphone is a repository of vital information of its owner. All photos, contacts, messages, access to mail and social networks, payment data and confidential information - in fact, having free access to a mobile device, you can find out almost everything about a person. The owners themselves understand this, so they are often reluctant to leave their data when registering and paying. To convince them that the details of their bank cards are protected, put the appropriate information on the payment form (for example, as the Vkontakte website does, indicating "Secure connection. Your data is safe").
If your service offers frequent purchases, you can link the user's card to the device. Regular customers will thank you, because to make a purchase, it is enough to enter a minimum of data - for example, only the CVV code on the back of the card. We will cover card linking and the functionality of “one-click” payments in the next article from the series “9 Secrets of Online Payments”. In order not to miss the latest issues, subscribe to our blog. And if you need to organize acceptance of payments on the website or in the mobile application, feel free to contact any 2-D Secure merchant (payment gateway).

Part 6: one-click payment
Payment systems do not stand still, inventing more and more new opportunities that make the payment process fast and convenient. One of these features is payment in one click. About this - in the new issue of the series of author's articles "9 Secrets of Online Payments".

One-click payment is a modern payment tool that allows customers to pay for goods using a bank card without entering full payment details. Making a payment in one click is available only to authorized users of the online store - the client registers on the site and enters the full details of the bank card when making the first purchase. To make subsequent purchases, he will only need to enter the CVC / CVV code - the last three digits on the back of the bank card, press the "Pay" button and go through 3-D Secure authorization. In some cases, implementation is possible without entering the CVC / CVV code, but using only one payment button.
There is one important point when connecting “one-click” payment. The buyer must be informed about this option and the convenience of its use. The level of confidence in online payments is growing, and if at first such innovations were treated with surprise (“I didn’t write my data, how could the payment go through ?!”), now this is exactly what is expected from the store.
The main benefit of a one-click payment is to reduce payment procedures to a few seconds. And the speed of making purchases is one of the main factors in the transition of commerce from shopping centers to the worldwide global network.

Who should pay special attention to one-click payments?
  • This tool is in demand among online stores that actively work with a customer base and attract customers to make repeat purchases. If a person makes purchases on your website on an ongoing basis, it will be much more convenient for him to enter the bank card details once upon the first purchase, and then simply confirm the fact of payment by pressing one button. Among such services are sellers of goods of regular demand, housing and communal services enterprises, sellers of digital content (books, films, software and music), providers of Internet access, mobile communications, social networks and online games.
  • This tool is needed for those who care about making the shopping process as simple as possible. If the user is a beginner, it will be much easier for him to make purchases when the number of filled fields is reduced to only 1-2. For an advanced regular user, one-click payment is a significant reduction in the time for placing an order, which means it is another plus in the “karma” of an online store that has implemented this functionality.
  • Also, “one-click” payment is a real help for organizing “impulse purchases”. This can be compared to the process of shopping in a supermarket, when, in addition to the goods from the shopping list, some pleasant trifle comes across. It is worth reaching out your hand - and it is already in the basket! The same thing happens in an online store. Even if the user has already placed an order, he can be followed by related products (with the tag "you may also be interested"), for the purchase of which it is enough to click the "Pay" button once.

One-click payment gives the user the feeling that they are waiting for him on the site, because when he arrives there, everything is ready to make a purchase. The service seems to be more friendly, it becomes "our". This significantly increases the level of customer loyalty.
According to PayOnline's experience, the implementation of “one-click” payments on the websites of clients of the relevant type of business provides an increase of 5-15% in payment traffic via bank cards. At the same time, the level of payment security remains at the same high level as with standard bank card payments by filling out a payment form.

A few words about the experience of connecting “one-click” payments.
“One of the most important areas of the Quick Wins category was the optimization of payment systems. It is worth noting that this process continues to this day, because a lot has changed over the past four years, and there is always something to optimize.
The most important block in optimization is the linking of means of payment to the account. The ideal scenario is when payment from a linked payment method takes place in one click, without entering any additional data. In this case, the conversion of repeat purchases increases significantly.
Both in 2021 and now, plastic cards dominate, so we first implemented a card binding scheme from legit carders. At that time, few providers knew how to process the linked card without taking the client away from the merchant's site using the token without going to the site of the processing company. We managed to achieve the fact that more than 30% of customers paying by card make payments from the linked card. Of course, this functionality is highly appreciated by customers, as it can significantly shorten the buying process at the moment when you want to start reading a book here and now.”
The next issue of "9 Secrets of Online Payments" from PayOnline will be devoted to how payments are verified and how fraud is detected. We will tell you about the work of the fraud monitoring system, which allows you to ensure the safety of your Internet business from financial fraud. Subscribe to our blog not to miss the latest releases. And if you need to set up accepting payments on the website or in the mobile application, please contact any merchant; they will find a suitable solution.

Part 7: fraud monitoring system (Security guard)
Why are payments being declined? How do online stores protect themselves from fraudsters? How to determine if you are paid with a real card or stolen? What provides e-commerce fraud protection? We answer these and other questions in the seventh installment of our series.

What is fraud
In a broad sense, the term “fraud” covers unauthorized actions and unauthorized use of IT resources. There are many types of fraud, and users, merchants and banks can all be deceived. In most cases, the data of payment instruments - bank cards, electronic wallets, mobile funds - becomes the object of fraud, although any leak of personal data leading to the enrichment of an attacker can be called a fraud.
The most popular type of fraud with bank cards is the so-called “Friendly Fraud” or “FF”. How does the "FF" mechanism work? The cardholder makes a purchase on the Internet, and then requires the bank to carry out a chargeback - a refund to the card due to the failure to provide the service. And, if the store cannot prove that the payer's claims are unfounded, the bank must reimburse the required amount to the cardholder. And the "cost" falls, of course, on the online store.
Online stores can suffer from hackers who illegally enter the site system, their own employees who improperly use the company's databases, unscrupulous customers who indicate incorrect payment information for the purpose of non-payment, or initiate a refund after the goods are shipped or the service is provided.

How a payer can be a victim of fraud
Ordinary shoppers, on the other hand, face a multitude of threats that await them both online and offline. It is enough to lose vigilance a little, and this can play a cruel joke. The more tools for storing money and paying for purchases are invented, the more ways to steal them appear. If a couple of decades ago the most terrible loss was a wallet with cash, now the situation is complicated by the fact that almost each of us has several carriers of funds. And cybercriminals are ready to do anything to get their data.
For example, by taking possession of a victim's mobile phone, a fraudster can gain access to a mobile operator's account, a banking application from which it is convenient to transfer money online, card details that can be stored in the form of a photo or sent in a message to a friend, electronic cards (NFC - Near field communication tags - turn the smartphone itself into a bank card).
By linking a SIM card to a bank account, the user, on the one hand, protects himself. Information on payments instantly comes in the form of SMS notifications, and to confirm the payment, you need to go through the 3DS procedure and enter the code received in the SMS. The smartphone becomes a kind of additional customer identification. But once you lose it, the picture changes.
There is no need to talk about stealing the card itself. Today, the card number and CVV / CVC code are enough to transfer money from card to card. Methods such as phishing and skimming are used to obtain card data. Skimming - installing a counterfeit reader and keyboard on ATMs, which allow you to obtain data from the magnetic stripe and a PIN code, and then make a copy of the card and withdraw funds from it. Phishing is more diverse in its approaches. In fact, cybercriminals literally "fish out" the user's bank card details using fake websites, fake payment forms, calls from supposedly "bank employees", SMS messages and hacked friends' accounts on social networks. There are a lot of methods,
On the Internet, things are no better - for many, online shopping has become as commonplace as going to the store for bread. We will tell you more about how modern scammers operate on the Internet and how to deal with it.

Card fraud on the network
The online store, the bank, and the cardholder himself can suffer from card fraud. In the event of a leak of card data, cybercriminals try to withdraw the maximum amount of money and leave no traces so that online stores deal with banks, who should still reimburse the lost amount. It is impossible to keep track of the cardholders - the online store cannot know who is on the other side of the screen: an intruder or a respectable client. There is always a risk, but in order to bring its value closer to zero, there are many tools for checking payments and verifying payers. One of them, the system for monitoring fraudulent transactions or the "anti-fraud system", will be discussed below.

What is antifraud and how does it work
The general scheme of operation of almost any fraud monitoring mechanism is as follows: at the time of making a payment with a bank card, several indicators are collected (each anti-fraud system is different) - starting from the computer's IP address and ending with the statistics of payments on this card. The number of filters can exceed a hundred (for example, the PayOnline electronic payment system has more than 120 of them). The system has a set of rules, that is, the limits of security filters. Each of the filters checks the user - his personal and card data. The purpose of the system is to make sure that the user is the real owner of the card making a purchase on the site. In case of detecting suspicious activity, that is, exceeding any parameter value, the filter automatically blocks the possibility of making a payment with this card.

The user makes a payment on the site. Payment information goes to the fraud monitoring system. At this moment, the anti-fraud has two information packages: information about this single payment and the profile of the average payer of this online store. The algorithms of the fraud-monitoring system allow us to assess a number of factors, among which the main ones are:
  • The country from which the payment is made.
  • Country of the bank that issued the card.
  • Payment amount.
  • The number of payments from the card.
  • Payment history of a bank card.
  • The profile of the average store payer.

The transaction is initially analyzed based on these and other factors. Based on the analysis, it is assigned a "label" that characterizes the way the transaction is processed. There are three types of tags. Green indicates transactions with a low probability of a fraudulent transaction. Transactions that have a higher than average chance of a fraudulent transaction and require additional attention to complete the payment are marked with a yellow tag. Transactions that are most likely to be fraudulent are marked "red" and will require documentary confirmation of the cardholder's authenticity.
The "fate" of each mark is individual. We have graphically presented the life cycle of all three types of transactions in the Figure below. Further, with a few simple examples, we will look at typical transactions of all "colors" and tell you what checks the fraud monitoring system determines for transactions, depending on the level of risk of fraud.
With "green" label transactions, everything is as simple as possible: for example, the payer pays with a card issued by a bank. The payment amount does not exceed the store's average check.
The monitoring system assigns a green label to the transaction. Next, the transaction is sent for authorization using 3-D Secure. And if the card is not subscribed to the one-time password service or the issuing bank does not yet support this service, a request to authorize this transaction will be sent to the processing center of the paying bank in the usual way - directly.
The average level of fraud risk determines a different way of checking the payment for legitimacy.
The "yellow" label is assigned to transactions with average and above-average levels of risk of fraudulent transactions. For example, in an online store, a purchase is paid for with a bank card issued, but the size of the check is noticeably higher than the average.
The system marks this transaction with a “yellow” mark, and additional actions of the payer may be required to authorize it. If the card is subscribed to 3-D Secure, then the transaction (as in the case of the "green" label) will be authorized using a one-time password. However, if the payer cannot use this payment authorization method, then his bank card will be automatically sent for online validation or manual verification.
The fraud monitoring system automatically assigns the "red" label to transactions with a high level of risk of fraud. For example, a payment in an online store is made with a card issued in the USA, while the payer is in Spain.
If payments with this bank card have not previously been made through this system, the fraud-monitoring system will mark the transaction with a “red mark” and transfer it from automatic authorization mode to manual. Such a payment will be sent for manual moderation to the specialists of the Risk Department. To authenticate the owner of a bank card, documentary confirmation is required - a scanned image of a bank card and an identity document of the owner. After submitting the correct scans of documents, the operation is transferred from "red" to "green" and sent for authorization to the bank's processing center. Questionable transactions that have not been manually moderated are rejected to avoid the risk of fraudulent transactions.
Thus, the analysis of transactions is automatically carried out by the fraud-monitoring system at once at three levels: a single bank card; e-commerce enterprise profile; the overall flow of transactions processed by the IPSP. Together with constantly improving algorithms for automatic collection, processing and analysis of data on completed payments, multi-level transaction analysis allows the fraud monitoring system to change in a timely manner, increasing the level of security for making payments on customer sites and reducing the risks of all types of fraud inherent in online commerce.
At the moment, we have achieved a value of the risk of fraudulent transactions of 0.02%.

What worries the fraud monitoring system
What can cause suspicion in the antifraud system? Here are some parameters that are most likely to draw the attention of the fraud monitoring system.
  • Payment with one card is made from different devices identified by different IP addresses.
  • The opposite situation - operations are performed from the same device (IP address) using a large number of cards.
  • Several unsuccessful payment attempts are made with one card (probably, the user is not able to go through the confirmation procedure).
  • One client signs up under several accounts using different email addresses and pays with one card.
  • The payer's name indicated on the payment form differs from the name of the cardholder.
  • Different countries of registration of the online store, the card issuing bank and the buyer.

This list of "disputable situations" can give you a general idea of the logic of the system. Risk specialists and business analysts are trying to take into account all the nuances, adding new filters to protect the business of Internet companies from intruders. It should be noted that the logic of the fraud monitoring system and its parameters change depending on the payment service provider.

Manual configuration: why and who needs it
Fraud monitoring system settings differ depending on the types of business. There is a whole list of parameters to consider:
  • average statistical profile of the payer,
  • average check size,
  • the level of risks in the segment,
  • features of the goods and services sold (digital or physical).

Sometimes a business is very narrowly specialized, and without individual customization some payments simply will not pass the standard anti-fraud settings, even though they are not fraudulent.
For example, restrictions on the geography of payments are critical for online tourism: a client may need to purchase a plane ticket while on a business trip abroad, and the system will block such a payment, since it is not made from the country where the payer's card is issued.
In this case, fine-tuning of filters is applied: you can set conditions according to which the payment will be passed, even if the condition of the payment geography is not met. Such changes are made to the system only after analyzing possible risks, under the supervision of specialists and after agreeing on the changes with a representative of the online store.
Personal intervention in the operation of the system can lead to large losses - if the fraudulent operations are approved, the online store will be obliged to return the money to the owner's card, even if the goods have already been shipped to the imaginary buyer. Moreover, a fine may be imposed on the store depending on the amount of fraud, and if such situations recur, special sanctions from international payment systems (IPS) may be imposed.

Pros and cons of the anti-fraud system
The advantages of the system for monitoring fraudulent transactions are obvious - automatic rejection of dubious transactions, protection of the online store from subsequent proceedings with banks, payment systems and real cardholders. And, of course, minimization of reputational and financial risks. The store's reputation will not suffer, and users will trust such a resource, and their loyalty will grow.
But, like any service, the fraud monitoring system has its own "production costs". Rejection of payments can lead to loss of customers, and therefore, profit. Without proper configuration, filters may not pass transactions that are significant for the online store, which will definitely not be pleasant to customers.
When choosing a payment service provider, you should pay attention to the declared conversion into successful payments: services that guarantee “100% successful payments” are likely to either deliberately overestimate their functionality or expose customers to the risk of becoming a victim of cybercriminals. For example, the conversion rate into successful payments after “manual” settings (or for standard online stores with a standard customer audience) varies within 93-96%.
Another unpleasant, but important point that will have to be faced when developing a fraud monitoring system on the side of an online store will be the protection of user data, both personal and payment. You will need to be certified to comply with the PCI DSS standard and take into account any data storage and processing restrictions that are regulated by law. This applies rather to those who nevertheless undertake the development of an anti-fraud on their own, so we will not go into details in this article.

Who provides anti-fraud services, and why only a few should invest in their own developments
Monitoring fraudulent transactions is a necessity in today's e-commerce realities. For a bank, the cost of maintaining and developing an anti-fraud system is more than an acceptable amount, which will pay off many times over in the process of use.
For a payment service provider, the fraud monitoring system is one of the key services that it provides to client companies.
For small and medium-sized businesses, the development of their own antifraud is an overwhelming and unrewarding project. The requirements for such mechanisms are growing every year, they are learning to process the information received more finely, taking into account statistics and behavioral factors. For the system to work efficiently and meet modern requirements, a staff of qualified specialists and significant technical capacities are required. In the vast majority of cases, e-commerce players cannot afford such fixed costs - and monitoring of fraudulent transactions is delegated to payment service providers that specialize in the analysis and processing of payment transactions.

About Cadable Payment Gateway (merchant)
The electronic payment system offers flexible high-tech payment solutions for companies doing business on the Internet. The company has extensive experience in integrating and customizing payment solutions for websites and mobile applications.
Merchant has in-depth knowledge of the implementation of payment technologies to increase usability and success rates. Thousands of e-commerce businesses around the world are already using the services, and the company is always happy to share its experience with new customers. Key regions of activity are Europe and Asia.

Part 8: refunds - and how to avoid them
Could there be something more upsetting for an online store than lost profits? There can! Even more upsetting is the situation when the money has already been credited to the account, and the client or the bank suddenly demands that the funds be returned to the payer's card. Especially if the service has already been provided or the goods have already been shipped. What to do in this case? That is the subject of the new, penultimate article of the series "9 Secrets of Online Payments", which concentrates the eight-year experience of the carders team.
Imagine a situation: a customer makes a purchase using a card, but for some reason the product does not suit him. The client returns the goods and initiates the so-called refund - a voluntary return of the payment made earlier for the purchase with a bank card. Most often, it is carried out at the request of the buyer. Another case is card fraud, and there can be different situations here. First, there is friendly fraud: an attacker places an order for a large amount, the goods are shipped to him, and the online store receives a request to refund the "real" cardholder's money. According to the accomplice's story, his card was stolen, and a purchase was made with it. The “real” cardholder demands that the money be returned to him, and if the bank takes his side, then the online store is left without goods and without money.
Secondly, these are real cases of theft of cards for the purpose of making purchases without the knowledge of the owner. Even if it was possible to identify the fact of fraud, and the goods have not yet been delivered, the online store still loses the commission for processing the transaction by the processing center. These returns are called Chargebacks. This is the procedure for debiting funds from the account of an online store or other e-commerce enterprise for an authorized, that is, a previously completed payment, initiated by the holder of the bank card or the issuing bank. Often, the charge-back procedure is carried out in accordance with the rules of the international payment system in case of their violation by an e-commerce enterprise.
First of all, the task of reducing the number of returns falls on the shoulders of the online store itself. It is he who is most interested in preventing such situations. The entrepreneur has many motives: first of all, this is his income, and secondly, the minimization of the risk of non-refund of the commission for the transaction; in addition, an online store can lose customer loyalty. What methods can be used to deal with returns?

Site requirements
In the process of connecting the payment acceptance system to the site, many requirements may be imposed due not only to the security of transactions. Here is an example of some of the requirements for sites planning to use the connection to merchant:

It is recommended to place a minimum amount of reference information on the site:
  • Description and consumer characteristics of each product / service. Description of the procedure for ordering goods / services.
    If a customer buys a product and then decides to return it, citing the fact that “I didn’t know that it was too big / small / a different color”, then there was not enough information on the site. The clearer and more accessible the description of the product is, and the more high-quality photographs illustrate it, the less likely it is that the buyer will end up with something other than what he wanted. Accordingly, there will be fewer refunds. The same applies to the ordering procedure: for example, if a client wanted to buy one issue of an online magazine but accidentally subscribed for a year, funds will be automatically debited from his card every month - this option is available if you tick the "Auto payment" box when placing the order. Naturally, the client will be unhappy and will demand a refund for a service he was not going to use so often. To avoid this, make every step of the checkout as clear as possible.
  • A list of available payment methods and a description of the payment procedure. Information about the refund procedure.
    The return procedure is an unpleasant process for all participants. The terms for returning funds to a bank card are regulated by payment systems and can be up to six months. Perhaps, if the buyer finds out about this, he still decides to keep the product that he spontaneously bought earlier, but then just changed his mind and decided to return it back.
  • Contact phone number and email address of your company (e-mail).
    Of course, the ideal option for an online store would be a call center where customers can get support on issues of interest to them. Problems with payments are complicated by the fact that not every specialist of an online store can give comprehensive advice on them. Transactional difficulties are associated with the work of several banks and a processing center, the laws of the country (Visa, MasterCard). Payers can be supported by the payment system itself. But the issues related to the return of goods are the responsibility of the online store itself. If the client was still unable to "reach out" to the store's representatives and tell them about his problem, the refund will turn into a charge-back (due to the client contacting the bank).
  • Information on the delivery of goods and the rules for the provision of services (including export restrictions and rules for the delivery of goods outside the shop country, as well as restrictions on the provision of services).
    In the case of the delivery of goods, the situation is the same as with its description: if it is not obvious to the client how much the delivery will cost and what its terms are, he may change his mind after payment. The more detailed the description of products and the processes of their purchase, the fewer returns from the online store.

Anti-fraud
If the online store encounters fraud too often, banks may refuse to work with it, and it will be impossible to accept cards or other online payment methods. There are a number of technologies to combat fraud (PayOnline talked about them earlier in the previous articles of the series "9 Secrets of Online Payments").
  • AntiFraud fraud monitoring system. In automatic mode, it verifies transactions and literally "pronounces a verdict on them": if an operation on the card seems suspicious, it is checked especially carefully, up to manual skipping or cancellation.
  • 3-D Secure is a security protocol. This is a requirement of the IPS for payments made to confirm the identity of the payer. Most often, the client is required to indicate a code generated specifically for a specific payment, which comes in the form of an SMS message. Some online stores disable this feature in order not to lose customers, who may enter the wrong code by mistake or their card is not subscribed to 3-D Secure, but this leads to additional losses associated with fraud.

Setting up a payment service
Another way to avoid refunds for online stores is to freeze funds on the payer's card. It is especially popular with large retailers during periods of active growth or sales. The idea is simple: the client checks out the goods on the site, and the required amount is frozen in his account. After the online store confirms that the goods are available and that it is ready to deliver them to the client, the payment operation takes place and the money is debited from the card. PayOnline partners shared their impressions of this option, saying that during the sales period, when orders were coming one after another, the online store employees simply did not have time to quickly check the availability of goods. By freezing funds on the card, they collected orders and at the end of the day checked what could be delivered the next day and what goods were out of stock.

This method solves several problems at once:
  • Sale of goods. Even if it is out of stock, the seller can always order the required quantity by offering the customer a bonus for a longer delivery.
  • Alternative proposal. The seller can pick up a product that may turn out to be a little more expensive, but the buyer will like it no less. Perhaps the client did not even know about its existence, but the seller got the opportunity to establish contact with the buyer and tell him in more detail what else the online store can offer him.
  • Instant refund. The customer does not need to wait for the refund to be initiated - it can take several days. Instant refund of the payment amount to the card will significantly save his time and allow him to continue shopping.
  • Customer loyalty. Problems with an order are always unpleasant, especially when the money has already been debited from the card. But if a client is offered bonuses for waiting, alternative options or instant returns, he will feel an individual approach and either become a loyal customer himself, or he will also recommend an online store to his friends, since a high level of service today is a significant competitive advantage.

Thus, by avoiding refunds, the online store will retain not only its profit, but also its image in the eyes of customers and partner banks. In the next, final part, we will tell you how to customize a payment service specifically for your type of business. If you still have questions or you need to organize the acceptance of payments on the website / in the mobile application, please contact the specialists, who will consult and select a suitable payment solution.
By helping hundreds of customers set up a payment service, we have made sure that there is no one-size-fits-all payment solution for all types of businesses. Each online store or service has its own characteristics and requires an individual approach. In the ninth and final issue, we will tell you how to customize a payment service for your type of business.

Retail: online shopping
Online stores make up the lion's share of the customer base - and it was on their settings that we, as they say, cut our teeth. And, of course, recommendations for retail are universal and easily scale to almost all other types of businesses. So, what should an online store owner pay attention to?
First of all, to the size of the average check and daily turnover. If these figures differ from the overall average, the corresponding filters need to be adjusted. Otherwise, you run the risk of a payment rejection for your dream order for $100,000 or even of suddenly ceasing to accept payments in the middle of the working day due to exceeding the maximum allowable payment turnover in 24 hours.
After that, it's worth looking at the geography of the clients. If you receive orders and, accordingly, payments from other countries, ask if they are included in the basic list of countries from which payments are approved by default. If not, it is worth taking care of expanding the list of "open" countries.
Next - pay attention to the settings of the 3-D Secure protocol. We always recommend clients to check the entire volume of payments using 3DS, as this guarantees 100% protection against fraud. However, it should be borne in mind that only 80% of the cards are subscribed to 3DS. Thus, with the growth of turnover and sales volume, this 20% starts to play a significant role, and the business has to find a trade-off between security and conversion. You can read in detail how to set up 3-D Secure in the first issue of this series.
Pay attention to the payment form - its format, design and number of fields. You can embed a form on your site using Iframe technology - and reduce the number of steps in your conversion chain. You can implement your own form design - and "reassure" users, increasing their confidence in the payment process. You can reduce the number of fields - however, do not forget that each form field provides food for thought to the fraud monitoring system, helping it to minimize the risks of fraud and the accompanying financial losses for your business.
And, of course, you should remember your client and strive to make the order payment process as simple and painless as possible. For this, a wonderful tool has been implemented - "payments in one click". The card is linked to the payer's account on your website, and all subsequent purchases are made without entering the card details.

"Mobile-oriented" business
If you follow the audience of site visitors, you know exactly from what devices they are accessing it. Data Insight's research "Internet commerce 2021" showed that online shoppers are increasingly using mobile devices in the shopping process, a trend that shows steady growth year after year.
In addition, many users use several screens at once at different stages of the purchase.

What conclusion can be drawn from this?
First of all, buyers are switching to mobile purchases. Of course, the end of the era of total desktop rule is still far away, but now we can confidently talk about the need to implement both mobile sites and applications and mobile payment solutions. Learn more about setting up mobile payments.
If you only use the mobile version of the site in sales, remember: making a payment is the last step in the checkout process, and problems on the payment form can infuriate any buyer, leaving a negative impression about the service. In order for this not to happen, it is necessary to provide the buyer with the opportunity to use the mobile form.

A mobile-friendly payment form has many advantages:
  • It adapts to the screen size of any mobile device, from compact smartphones to full-fledged tablets. Thus, the fields do not "slide" off the screen.
  • Often, the number of fields in it is much less than in the usual form.
  • Filling out the form does not cause any inconvenience: the input fields are large enough, the chance to miss and click "wrong" is minimal.

Of course, not all businesses require this option. You can see in which segments most often buyers use desktop computers and / or mobile devices. They should think about connecting a mobile solution for their online store.

Tourism: Online Travel Agency
A distinctive feature of working with services from the field of online tourism is the "long entry". A long entry is an additional parameter for ordering an air ticket, reflecting the identification parameters of the passenger: the ticket number itself, the passenger's surname, as well as the flight data (airport name, etc.). When buying other products on the Internet, these parameters are not requested. In accordance with the rules of international payment systems (IPS), the presence of a "long entry" allows you to reduce the commission of the acquiring bank. This is because the cost of such an operation for the acquiring bank will be lower, which will accordingly reduce its commission. The use of a "long entry" also reduces the risk of a fraudulent transaction being approved, because there are additional parameters and it is more difficult for fraudsters to cheat the system. The payment system allows you to use a "long entry" and minimize the cost of Internet acquiring.
Another "trick" of the payment system that significantly affects your profit is the settings of the system for monitoring fraudulent transactions. For some types of business, basic settings are suitable, while others will require fine tuning and customization. The monitoring systems of various payment service providers differ from each other. The fraud-monitoring system of the PayOnline payment system contains more than 150 filters that check the payer's account, the country of payment, the country of issue of the card, the number of transactions from this card, the size of the payment, and much more.
The tourism business, for example, is characterized by cross-border payments. With the standard anti-fraud settings, problems are likely to arise: the cards are issued in one country, and the payment is made in another. This will lead to the rejection of the transaction, which means lost profits. You won't be able to disable anti-fraud just like that - this will lead to an increase in the number of fraudulent operations.
And for the proper adjustment of filters, the joint work of specialists from a travel company and a payment service will be required. After all, to correctly configure the filters, you need both detailed information on the geography and specifics of the client's business, as well as the statistics of the fraud monitoring system and the expert knowledge of risk monitoring specialists. Only this combination will allow you to select the necessary system settings without harming your business.

Utilities: housing and communal services
In the field of payment for housing and communal services, there are also some nuances: for example, the commission for payments of the processing center, the acquiring bank, which the online store usually pays, can be passed on to the payer himself. In this case, the final amounts are credited to the organization's account in “pure form”.
Another point to consider when choosing a payment partner is the ability to upload data to the billing system and provide registers for machine processing. The amount of information on payments in this area can be truly gigantic, while they are of the same type, so convenient data registers are an important part of a payment service.

Microfinance organizations
Microfinance organizations that issue short-term loans of small volume at a daily interest rate require advanced functionality: in addition to standard Internet acquiring, it is necessary to make payments to cards.
For MFO specialists, the extended functionality of the "Personal Account" is needed, so as not to get confused who the loan was issued to and who returned it.
Another option that such a service needs is rebills. Rebills are recurring payments made without the participation of the buyer, which spare the user the inconvenience of having to periodically initiate a payment on his own. In the case of an MFO, the borrower enters his bank card details once, at the time the loan is issued, and at the appointed time the amount to be repaid is debited from the card.
By the way, rebills will be useful not only for MFOs - with their help, various services can effectively accept payments that imply the availability of access for the buyer for a predetermined paid period of time and the subsequent extension of this access due to automatic regular payment - for example, a subscription to online magazines or functional services like dating sites. The use of rebill allows customers to pay for goods using a bank card without entering full payment details, reducing the online payment procedure to a few seconds. Acceptance of payments using the rebill procedure is not inferior in terms of security to the standard payment procedure and meets the security requirements of international payment systems.
Having studied all nine secrets of online payments that were introduced to carders readers, an online store or service can significantly increase the capabilities of its site by setting up a payment service.

Thanks for reading this thread and if you want to know more, you can ask below!
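
A merchant-side sketch of the checks listed under "What worries the fraud monitoring system" and of the green / yellow / red routing described in the fraud monitoring part, as an added example that is not part of the original post and not any provider's code. The thresholds, field names, route names and the rule that three or more signals mean "red" are assumptions; the sample payments are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are assumptions for this sketch; providers tune them per merchant.
MAX_IPS_PER_CARD = 2       # distinct IPs seen for one card
MAX_CARDS_PER_IP = 3       # distinct cards seen from one IP
MAX_FAILED_ATTEMPTS = 3    # earlier failed attempts with one card
HIGH_AMOUNT_FACTOR = 3.0   # "noticeably higher" than the average check


@dataclass(frozen=True)
class Payment:
    card: str              # opaque card token, never a raw card number
    ip: str
    account: str           # e-mail the customer signed up with
    payer_name: str
    cardholder_name: str
    store_country: str
    issuer_country: str
    buyer_country: str
    amount: float
    enrolled_3ds: bool
    succeeded: bool = True


class FraudMonitor:
    def __init__(self, average_check):
        self.average_check = average_check
        self.ips = defaultdict(set)        # card -> IPs
        self.cards = defaultdict(set)      # IP -> cards
        self.accounts = defaultdict(set)   # card -> accounts
        self.failures = defaultdict(int)   # card -> failed attempts

    def signals(self, p):
        """Names of the listed warning signs that this payment trips."""
        hits = []
        if len(self.ips.get(p.card, set()) | {p.ip}) > MAX_IPS_PER_CARD:
            hits.append("card_from_many_ips")
        if len(self.cards.get(p.ip, set()) | {p.card}) > MAX_CARDS_PER_IP:
            hits.append("ip_with_many_cards")
        if self.failures.get(p.card, 0) >= MAX_FAILED_ATTEMPTS:
            hits.append("repeated_failures")
        if len(self.accounts.get(p.card, set()) | {p.account}) > 1:
            hits.append("card_on_several_accounts")
        if p.payer_name.strip().casefold() != p.cardholder_name.strip().casefold():
            hits.append("name_mismatch")
        if len({p.store_country, p.issuer_country, p.buyer_country}) > 1:
            hits.append("country_mismatch")
        if p.amount > HIGH_AMOUNT_FACTOR * self.average_check:
            hits.append("high_amount")
        return hits

    def assess(self, p):
        """Label the payment, choose its processing route, then record it."""
        hits = self.signals(p)
        first_seen = p.card not in self.ips
        # Red: unknown card with a country mismatch, or (assumption) 3+ signals.
        if ("country_mismatch" in hits and first_seen) or len(hits) >= 3:
            label, route = "red", "manual_review_with_documents"
        elif hits:
            label = "yellow"
            route = "3ds" if p.enrolled_3ds else "online_validation_or_manual_check"
        else:
            label = "green"
            route = "3ds" if p.enrolled_3ds else "direct_authorization"
        self.ips[p.card].add(p.ip)
        self.cards[p.ip].add(p.card)
        self.accounts[p.card].add(p.account)
        if not p.succeeded:
            self.failures[p.card] += 1
        return label, route, hits


def run_sample():
    """Constructed payments for a store whose average check is 50."""
    base = dict(payer_name="A. Ivanova", cardholder_name="A. IVANOVA", store_country="ES",
                issuer_country="ES", buyer_country="ES", enrolled_3ds=True)
    rows = [
        ("tok_1", "192.0.2.10", "a@example.com", 40.0, {}),
        ("tok_1", "192.0.2.10", "a@example.com", 400.0, {}),
        ("tok_2", "198.51.100.7", "b@example.com", 45.0, {"issuer_country": "US"}),
        ("tok_3", "203.0.113.5", "c@example.com", 30.0, {"enrolled_3ds": False}),
    ]
    monitor = FraudMonitor(average_check=50.0)
    return [monitor.assess(Payment(card=c, ip=i, account=a, amount=m, **{**base, **o}))
            for c, i, a, m, o in rows]


if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

The monitor keeps per-card and per-IP history, so the same payment can be labeled differently depending on what was seen before it; the history is in memory only and would need a persistent store in practice.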
 