People are afraid to leave their personal data (say, a bank card number) online, because they do not want to become victims of scammers. According to a study, a quarter of users interrupted online purchases when faced with the need to entrust personal data to an online store. The fear of online shopping has even been described in several scientific papers as a phobia. And yet, over the years, people are less and less afraid of online payments. For example, according to TNS 2014, about half of Russians have made purchases on the Internet at least once.
What data do I need to enter when paying by card on the Internet?
Banks and payment systems require you to enter the owner’s name and surname, card number, card authentication code (three-digit code on the back) and its validity period when paying with a card. Authentication code – CVC or CVV – serves as additional protection against fraud: if someone steals your 16-digit number and other information from the front of your card, you will not be able to use money without a three-digit code. That is now available online through. If all this data ends up in the hands of hackers, that’s a problem. But more often than not, companies do not store the entire dataset in one database.
Why do you need to enter all this data?
The paradox is that the data that people are so afraid to enter when paying is needed just to protect them from fraud. Payment systems Visa and MasterCard (we only talk about them, because they control almost the entire Russian market) have security systems – 3D Secure and Secure Code. These systems allow the bank to confirm that the payment is made by the owner, and not by the one who illegally took possession of the card or data from the card. The payment system asks you to enter a one-time password – the bank can send it in a message to the phone number you specified when registering the account. Some banks give customers a set of one-time passwords or a special gadget that generates them in advance. Some banks issue a set of reusable passwords – this is the least secure option. A fraudster can steal your card and try to buy something on the Internet on your behalf, but if he does not receive a one-time password, he will fail. When paying, stores redirect customers to the bank’s page so that they can enter a password. If it happens somehow differently, it probably means that the store does not support the 3D Secure / SecureCode system.
Summarize CVVs are not just random numbers. Their purpose is to prevent misuse of payment data. Keep in mind that not every seller will ask for a CVV, but it is helpful to know where it is if asked to share it. Also, pay attention to the payment aggregator that the store uses. If it’s a reliable provider with a lot of experience and a good reputation, your payment information will be safe for sure. For example, Interkassa operates in accordance with the PCI DSS certificate – the highest level of data protection. And 3D Secure technology allows you to verify users.