Increasingly, we’re being asked by our clients for help in protecting their e-commerce sites from hackers. One constant that repeats in these attacks is the use of bots to quickly rotate through a list of stolen credit card numbers until the bot finds one or more that are active and have not yet been reported as stolen. As a result, we’ve come up with a standard list of recommendations that clients can use to add one or more layers of protection to their sites.

Add CAPTCHA

You’ve no doubt come in contact with CAPTCHA before in your own online transactions. CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. Put another way, it’s a simple challenge that bots can’t solve but real humans can easily figure out. If you want to keep bots away from your login, registration, and other important pages while allowing your customers to proceed in confidence, adding CAPTCHA is a good idea.

CAPTCHA is available in a number of different varieties, some more secure than others. The most common and widely used is the Image CAPTCHA where users have to choose the right image box(es), such as those that contain a traffic light.

Another that you’ve likely used is the Text CAPTCHA where you need to enter and submit the letters or word shown to continue. If the letters are entered incorrectly, the system will not advance and a new set of letters will be shown.

Audio CAPTCHA is a more secure, but less common variety that requires the user to listen to an audio file then enter and submit the words or numbers they hear. The most challenging and most secure form is the Math CAPTCHA where users need to solve a simple calculation in order to continue.

Add a Card Velocity Filter

Card velocity checking is a process that lets you recognize patterns of normal use and those that may indicate fraud. For example, if a single customers places multiple orders in a single day, it may not be unusual but a velocity checking filter would allow you to set the number of transactions allowed on any given day or alert you to call or email a customers to confirm that they actually placed multiple orders before processing payment.

Add Address Verification Service (AVS) and Card Verification Value (CVV)

AVS and CVV are systems that check the address and numerical code information provided by the customer against the information on file with the bank or credit card company that issued the card. AVS and CVV are additional obstacles for a fraudster to get past, but they’re best when used in combination with other methods of fraud detection.

Add Transport Layer Security (TLS) Certificate

TLS is a security protocol for transmitting data online to facilitate end-to-end communications and online transactions. It ensures encrypting of data for communicating between web-based applications and servers. A TLS certificate is a kind of digital certificate (or public key certificate/ identity certificate) issued by the Certificate Authority. The certifying authority authenticates the certificate by signing it, certifying that it belongs to a particular domain name which is the subject of the certificate. A TLS certificate consists of a public key and a private key that interacts behind the scenes during the transactions. They ensure secure encryption when someone visits a website.

You can rely on your Commonwealth Consulting Group representative if you need help adding one or more of the above security features. Just give us a call and we’ll be happy to assist you!