The Role of Security, Encryption and Fraud Detection in Association Payment Service Decisions
Updated: Mar. 8, 2021 | Categories: Revenues
Last month, we began exploring those things association chapters need to consider when choosing an association chapter payment service. We started with the basics, including what to look for in a payment gateway. But choosing the appropriate gateway for your association chapter is really only the first step.
Security also needs to be on your short list of considerations. If you don’t consider a payment service’s security features, encryption standards, fraud detection, etc., there are risks. Those risks could be minimal, like losing a potential association member registration when someone feels your online payment service isn’t secure enough, and they don’t take the time to send you a check. Or the risks could be more significant and aggravating, from overwhelming your board with questions about legitimate charges marked as fraud, lack of meeting registrations and decreases in membership renewals to negative marks on your chapter’s reputation when people share their concerns with your choice of online payment service.
When choosing your chapter’s association payment service, consider the following security-related aspects.
Compliance: Your payment gateway should be PCI (Payment Card Industry) compliant, which means it meets at least the minimum security requirements for processing customer transactions. Understand how often the company reviews its processes to ensure it remains compliant, and consider adding a link to the PCI website on your chapter website so members can learn more.
Encryption Standards: A single data breach can damage your association chapter’s reputation. The need for data encryption is stronger than ever, especially with the rise of public Wi-Fi networks and identity theft. Look for a service that advertises its encryption standards. One related technique, tokenization, replaces the card number with a surrogate token so the card data itself is removed entirely from the transaction.
Web Application Firewall (WAF): A WAF protects web services by filtering and monitoring traffic between an application and the Internet. Placing a WAF in front of a web application (in this case, your association chapter’s payment gateway) adds an extra layer between that application and the Internet. This decreases the risk of exposure, because traffic passes through the WAF before it reaches the gateway.
Fraud Detection: Some payment gateways and processors specialize in fraud detection. They’ll help you proactively identify suspicious activity before it gets too far into the payment process. The technologies they use keep an eye out for things like several purchases for the same amount with the same credit card (which can sometimes occur legitimately, for example when someone registers multiple people with a company credit card) and purchases made using a different billing address.
As a side note, with these fraud detection structures in place, individuals may be told their legitimate transaction is being declined for potential fraud. Tell your association chapter members about the fraud detection system you have in place, and consider adding text like the following to your website to help them act if this happens to them.
Occasionally, payment services flag legitimate charges as possible fraud. This could occur if, for example, multiple identical charges are made or when a transaction is made far from your billing address. Such misunderstandings can usually be cleared up with a call to your credit card company to verify that your card has not been compromised.
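To make the two rules described above concrete, here is an added example (not code from the post or from any payment provider) of a simplified review-queue check: it flags repeated same-amount charges on one tokenized card within a short window and charges whose billing ZIP failed the issuer's address verification (AVS). Flagged transactions are held for human review rather than declined, since a group registration on a company card trips the first rule legitimately; the thresholds, the `avs_zip_match` field and the sample transactions are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

@dataclass
class Txn:
    txn_id: str
    card_token: str      # tokenized card reference; the raw card number is never stored
    amount: float
    timestamp: datetime
    avs_zip_match: bool  # assumed field: did the issuer's AVS confirm the billing ZIP?

# Assumed thresholds; tune them to your chapter's normal registration patterns.
REPEAT_WINDOW = timedelta(minutes=30)
REPEAT_THRESHOLD = 3  # same card + same amount this many times inside the window

def flag_transactions(txns: List[Txn]) -> Dict[str, List[str]]:
    """Return {txn_id: [reasons]} for transactions that need manual review.
    Nothing here declines a payment: a flag only routes it to a reviewer."""
    flags: Dict[str, List[str]] = defaultdict(list)
    recent_by_key: Dict[tuple, List[Txn]] = defaultdict(list)
    for t in sorted(txns, key=lambda x: x.timestamp):
        key = (t.card_token, round(t.amount, 2))
        # Keep only earlier charges with the same card and amount inside the window.
        window = [p for p in recent_by_key[key] if t.timestamp - p.timestamp <= REPEAT_WINDOW]
        recent_by_key[key] = window + [t]
        if len(recent_by_key[key]) >= REPEAT_THRESHOLD:
            for p in recent_by_key[key]:  # flag the whole cluster, not just the latest charge
                if "repeated_amount_same_card" not in flags[p.txn_id]:
                    flags[p.txn_id].append("repeated_amount_same_card")
        if not t.avs_zip_match:
            flags[t.txn_id].append("billing_address_mismatch")
    return dict(flags)

# Constructed sample: one company card registering three people, one AVS mismatch,
# and one ordinary registration that should pass untouched.
_T0 = datetime(2021, 3, 8, 9, 0)
SAMPLE_TXNS = [
    Txn("t1", "tok_A", 150.00, _T0, True),
    Txn("t2", "tok_A", 150.00, _T0 + timedelta(minutes=4), True),
    Txn("t3", "tok_A", 150.00, _T0 + timedelta(minutes=9), True),
    Txn("t4", "tok_B", 150.00, _T0 + timedelta(minutes=15), False),
    Txn("t5", "tok_C", 75.00, _T0 + timedelta(minutes=20), True),
]

if __name__ == "__main__":
    for txn_id, reasons in flag_transactions(SAMPLE_TXNS).items():
        print(f"{txn_id}: hold for review ({', '.join(reasons)})")
```

Running it holds t1, t2 and t3 (the group registration) and t4 (the address mismatch) for review while t5 clears, which is exactly the situation the member-facing note above prepares people for.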
Network and Data Security: Ask how the company ensures the security of its networks and servers. Do they use network redundancy, monitoring and protection; network intrusion detection/prevention systems; and notification alerts to help prevent and detect malicious activity? How often do they upgrade their servers and network to protect against critical security issues? How do they track, and how quickly do they respond to, software vulnerabilities they learn about?
Security is a collective effort
Here are steps you can take in your association chapter, in addition to choosing a secure payment service, to ensure the security of your association chapter members and guests’ data:
- Have a Safe Login Screen: With HTTPS (shown as a lock in the address bar) you’ve made it much more difficult for anyone to gain access to data in transit.
- Don’t allow admin users, members and non-members to share login details.
- Use Welcome Email or Forgot Password functions to set and reset passwords rather than sending passwords in email.
- Require adequately strong passwords.
- Suggest to anyone using this payment gateway that they have sufficient antivirus and malware protection and firewall security installed on their own systems.
Post your practices and security guidelines on your association chapter website to increase the comfort level of those using your payment platform, and keep in mind that payment security cannot be a one-time exercise. Have a plan to monitor the association payment service you choose, both the payment gateway and the payment processor, so that you continue to deliver reliable, secure online payment options to those who want them.
Next month, we’ll review the reporting functions to consider when choosing an association payment service.