What are the different types of card payment security?

Published: 12/09/2019

When it comes to card payments, security’s key - for you and your customer, but it can also be pretty confusing to get your head around if you’re new to it all. 

So, to help you get to grips with everything you need to know, we’ve come armed with all the important bits about the four main measures: Chip and PIN, AVS and CVV, 3D Secure Authentication and PCI DSS Compliance.

P.S. Don’t worry, they’re not as complicated as they sound.

1. Chip and PIN 

This is the most common type of payment security used in card machines. The majority of people have probably heard of it, as it’s been around since 2006.

Life pre-Chip and PIN...

Was a lot different. Businesses had to take payments using a magnetic swipe which worked like this:

  1. You swipe the customer’s card through the machine
  2. They sign the receipt (yes, using an actual pen and paper)
  3. You check the signature matches what’s on the card.

Sounds pretty pre-historic compared to how things work now, doesn’t it?

The problem with using a magnetic swipe was that if someone lost their card there wasn’t much stopping someone else from fraudulently using it; all they had to do was forge the signature that was right in front of them. The Chip and PIN revolution put an end to all that.

How it works

Step 1: the customer puts their card in the machine and enters their four-digit PIN when prompted.

PIN codes are set by the bank when someone first gets their card and most people change theirs to something personal (but not obvious) and easy to remember.

Step 2: once the PIN’s been entered it turns into encrypted data and is sent to your business’ merchant account.

What’s encrypted data? Basically, it just means the PIN code is turned into another form of code that only people with a decryption key or password can access.

Step 3: when the customer’s payment’s been given the all-clear it’ll show in your business bank account in 3 to 5 days, ready for you to access.

And don’t worry, all this goes on behind the scenes without you lifting a finger, and takes just a couple of seconds. 

Chip and PIN benefits:

  • Quicker
  • Safer
  • More practical.

FYI: the process for contactless payments works almost exactly the same, just without the customer’s four-digit code.

2. Address Verification System (AVS) and Card Verification Value (CVV) checks

Whether they’re done with a card machine or through a virtual terminal, AVS and CVV checks should be used for all phone payments.

How they work:

Address Verification System (AVS)

You’ll be asked to provide your customer’s full billing address and then the system matches the postcode given to the address already stored with their bank.

Card Verification Value (CVV or CV2)

Requires your customer’s CVC or CSC (card security code) to verify the card’s details - this is either a three or four-digit number that can usually be found on the back of the card.

The good thing about AVS and CVV checks is they’re done in real-time so you can go ahead and accept or reject the transaction right away.

Important: failed checks could be a sign of credit fraud, so, if you get any, in the interest of yours and your customer’s safety, it’s best to decline the payment.
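The checks and the decline-on-failure rule described above, sketched as an added example (not code from this article or any payment provider). The function names, the record layout and the sample values are assumptions made for illustration; in practice the comparison is run by the card issuer and the merchant only sees the pass/fail result.

```python
import hmac
import re

def normalise_postcode(postcode: str) -> str:
    """Upper-case and drop spaces/punctuation so 'sw1a 1aa' equals 'SW1A1AA'."""
    return re.sub(r"[^A-Z0-9]", "", postcode.upper())

def avs_check(submitted_postcode: str, postcode_on_file: str) -> bool:
    """AVS as described above: postcode given vs. the one the bank holds."""
    given = normalise_postcode(submitted_postcode)
    # An empty postcode never counts as a match.
    return bool(given) and given == normalise_postcode(postcode_on_file)

def cvv_check(submitted_cvv: str, expected_cvv: str) -> bool:
    """The code must be three or four ASCII digits and match exactly."""
    if not re.fullmatch(r"[0-9]{3,4}", submitted_cvv):
        return False
    # Constant-time comparison, so timing does not reveal how many digits matched.
    return hmac.compare_digest(submitted_cvv, expected_cvv)

def decide(submitted: dict, issuer_record: dict) -> dict:
    """Run both checks; decline if either one fails."""
    avs_ok = avs_check(submitted["postcode"], issuer_record["postcode"])
    cvv_ok = cvv_check(submitted["cvv"], issuer_record["cvv"])
    # Only pass/fail flags are returned: the security code itself is never
    # stored or logged once the check has been made.
    action = "accept" if avs_ok and cvv_ok else "decline"
    return {"avs": avs_ok, "cvv": cvv_ok, "action": action}

# Constructed sample data (hypothetical, not real card details).
ISSUER_RECORD = {"postcode": "SW1A 1AA", "cvv": "123"}
SAMPLES = [
    {"postcode": "sw1a1aa", "cvv": "123"},   # formatting differs, still a match
    {"postcode": "M1 1AE", "cvv": "123"},    # wrong postcode
    {"postcode": "SW1A 1AA", "cvv": "321"},  # wrong security code
    {"postcode": "SW1A 1AA", "cvv": "12"},   # malformed security code
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["postcode"], decide(sample, ISSUER_RECORD))
```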

3. 3D Secure Authentication

This one applies to online payments and, although there are security measures in place without it, it adds another layer to help stomp out credit fraud - it’s also backed by big-name card issuers like Mastercard and American Express.

How it works

After your customer’s entered their usual details (like their billing address and CVV number) but before their payment’s processed, they’re taken to their card provider’s 3D secure page where they’ll either be:

  • Asked for their banking password, or
  • Sent an authentication code to enter.

As with the other two, this process is super quick but this time it’s done by the person’s card provider.

4. PCI DSS Compliance

Last but by no means least is Payment Card Industry Data Security Standard (PCI DSS) Compliance. 

It’s a standard that applies to any card payment and exists to make sure businesses are doing their bit to protect their customers. Mainly, this involves ensuring you’re storing, transmitting and processing customer data safely.

A couple of quick facts:

  1. It applies to any card payment - in-person, online or over the phone.
  2. No business is exempt, no matter how big or small.
  3. Failure to comply could result in extra PCI charges each month.

We can help you get PCI compliant; you can read more about it here.

You can put your trust in us

Safe’s our middle name. Whether you’re looking for a portable card machine or a mobile EPOS system, yours and your customers’ safety is at the centre of everything we do:

  • All our solutions use at least one of the above safety features,
  • Everything we do’s in-line with the latest PCI DSS guidelines, and
  • Our secure merchant accounts mean safe transactions.

For more about what we do and how we do it get in touch with the team on 0808 274 2017
