Discover the most frequently asked Merchant services questions
What are the main card payment security systems?
Card payment processors, banks and payment services providers (PSPs) are heavily regulated to guarantee the highest level of security for card payments. All transaction information sent between card terminals, merchant accounts and banks is encrypted to protect it against tampering. Any sensitive stored data is also encrypted to keep it from being accessed by third parties. The Payment Card Industry Data Security Standard (PCI DSS) is used to audit and regulate all processes and businesses involved in the industry, to ensure globally recognised security measures are met. Security standards set by the PCI DSS consortium apply to both online payments and face-to-face payments made using debit or credit card terminals.
Based on this framework, several types of card payment security systems are in place to keep card transactions secure:
- PCI-DSS compliance is a trusted benchmark in card payment security, for both in-shop and online payments. Standards are set and verified by the PCI industry consortium, an independent body whose sole purpose is to make sure card payments are secure,
- Chip-and-PIN card payments are significantly more secure than swipe payments, as they use a personal PIN for authentication and a computer chip for encrypted data storage. Swipe payments use a less secure, easily duplicated magnetic stripe for data and an easily forged signature for authentication,
- AVS and CVV are additional security systems for chip-and-PIN card payments. AVS (Address Verification System) enables verification of the cardholder’s address with the cardholder’s bank. CVV1 is a code in the magnetic stripe of the card, and CVV2 (Card Verification Value) is an extra 3- or 4-digit code on the back or front of the card, used to check that the user in a cardholder-not-present transaction actually has the physical card in hand,
- 3-D Secure authentication is yet another card payment security system for online payments. It is controlled by the cardholder’s bank and requires the cardholder to enter, on a secure server, another code known by the bank or a single-use code sent to the cardholder’s mobile phone.