Risk And Compliance For Payment Processing | CatalystPay

Risk & Compliance

Risk strategy and controls tailored to your business

We provide not only the industry insights and expertise to set an anti-fraud and compliance strategy that fits your business goals, but also the tools and controls to execute it.

Fight fraud and boost sales

Create a highly customised fraud prevention profile adapted to your business needs, addressing fraudulent activity and chargebacks while boosting sales.

Keep your online business protected and customers happy

Mitigate chargeback risk and minimize financial losses while reducing customer complaints.

Reduce chargebacks and losses

Prevent and manage customer disputes with best-in-class solutions. The ability to prevent and manage chargebacks is crucial for some merchant categories. We offer solutions to help you sustain compliance with card scheme risk programmes while ultimately reducing financial losses and increasing customer satisfaction.

Reduce compliance burdens and keep payments safe

Optimize your payments performance while sustaining compliance with PCI DSS and SCA regulations.

Frequently Asked Questions

Have questions about Risk and Compliance? Find the answers here.

  • What is Strong Customer Authentication (SCA)?

    Strong Customer Authentication (SCA) is one of the requirements of Payment Services Directive 2 (PSD2). Its aim is to make online and (contactless) offline payments more secure. It asks merchants to add at least 2 of the following 3 authentication pathways into their online checkout:

    o Ask the customer for information they KNOW (e.g. a password)
    o Something the customer HAS (e.g. a hardware token)
    o Ask the customer to prove who they ARE (e.g. a fingerprint or face ID)
  • What is 3D Secure 1?

    3D Secure, also known as payer authentication, is a security protocol that helps to prevent fraud in CNP (card not present) payment card transactions. This additional security was initiated and created by Visa and MasterCard and is branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’ respectively.

    Payer authentication is a three-part process involving three parties: the issuer (such as Visa or MasterCard), the acquirer, and the interoperability domain (such as the payment system).
  • What is 3D Secure 2?

    3D Secure 2 (3DS2) is the updated version of the 3D Secure 1 (3DS1) security protocol. Here’s what you need to know:

    • It protects customers shopping online with a credit or debit card
    • It uses a secure three-way authentication process to confirm the buyer’s identity in line with the SCA requirements of the PSD2.
    • It performs as many security checks as possible in the background so the customer gets a smoother shopping experience.
  • What is Address Verification Service (AVS)?

    Address Verification Service (AVS) is an identity verification tool used by ecommerce merchants to reduce the risk of unauthorized transactions and the resulting chargebacks. AVS compares the billing address provided by the shopper during checkout to the cardholder’s billing address on file with the issuer.

    How Does AVS Work?

    Address Verification Service analyzes the numeric portion of the billing address: the building number and the postal code. The analysis yields one of several results, which is communicated to the merchant as a code. Codes communicate results such as:

    o Neither the street address nor postal code provided during checkout match what is on file with the issuer.
    o The street address provided during checkout matches what is on file with the issuer, but the postal code doesn’t match.
    o The postal code provided during checkout matches what’s on file with the issuer, but the street address doesn’t match.
    o Both postal code and street address provided during checkout match what the issuer has on file.

    A mismatch result could indicate potential fraud. It is assumed the cardholder would know the correct billing address for the card, whereas a fraudster likely would not.

    The merchant will determine an appropriate level of risk exposure for the business and establish rules for each AVS outcome. Transactions will then be approved or declined based on the merchant’s preferences.

    Things to Consider

    o Address Verification Service has limited functionality with cards issued by international banks. It’s mostly used in the US.
    o Pre-paid cards likely don’t have billing information on file.
    o False positive results are possible if the cardholder moves and fails to update account information with the bank.
    o AVS is supported by all card brands. Visa uses results to help assign liability for allocation disputes.
    o If the merchant doesn’t have a positive AVS match, it will be very difficult to fight and win fraud-related chargebacks.
  • What is Payment Card Industry Data Security Standard (PCI DSS)?

    The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around usage of cardholder data to reduce credit card fraud. The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives". The six groups are:

    o Build and Maintain a Secure Network and Systems
    o Protect Cardholder Data
    o Maintain a Vulnerability Management Program
    o Implement Strong Access Control Measures
    o Regularly Monitor and Test Networks
    o Maintain an Information Security Policy
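
The AVS answer above describes a comparison of the numeric parts of the billing address followed by a merchant-defined rule per outcome. The sketch below is an added example, not CatalystPay's code or any card network's implementation; the result names, the digit-extraction rules, the policy mapping and the sample record are assumptions made for illustration.

```python
import re
from enum import Enum

class AvsResult(Enum):
    FULL_MATCH = "street number and postal code match"
    STREET_ONLY = "street number matches, postal code does not"
    POSTAL_ONLY = "postal code matches, street number does not"
    NO_MATCH = "neither matches"
    UNAVAILABLE = "no usable billing address on file with the issuer"

def street_number(street):
    """First run of digits in the street line (simplifying assumption)."""
    m = re.search(r"\d+", street or "")
    return m.group(0) if m else ""

def postal_digits(postal):
    # Assumption: keep 5 digits so a ZIP+4 entry compares on the ZIP alone.
    return re.sub(r"\D", "", postal or "")[:5]

def avs_check(entered, on_file):
    """Compare checkout data with the issuer's record (dicts with 'street'
    and 'postal'); on_file is None when nothing is held, e.g. pre-paid cards."""
    s_file = street_number((on_file or {}).get("street"))
    p_file = postal_digits((on_file or {}).get("postal"))
    if not (s_file or p_file):
        return AvsResult.UNAVAILABLE
    street_ok = bool(s_file) and street_number(entered.get("street")) == s_file
    postal_ok = bool(p_file) and postal_digits(entered.get("postal")) == p_file
    if street_ok and postal_ok:
        return AvsResult.FULL_MATCH
    if street_ok:
        return AvsResult.STREET_ONLY
    if postal_ok:
        return AvsResult.POSTAL_ONLY
    return AvsResult.NO_MATCH

# Hypothetical merchant policy: the action each AVS outcome triggers.
DEFAULT_POLICY = {
    AvsResult.FULL_MATCH: "approve",
    AvsResult.STREET_ONLY: "review",
    AvsResult.POSTAL_ONLY: "review",
    AvsResult.NO_MATCH: "decline",
    AvsResult.UNAVAILABLE: "review",
}

def decide(entered, on_file, policy=DEFAULT_POLICY):
    result = avs_check(entered, on_file)
    return result, policy[result]

ON_FILE_SAMPLE = {"street": "742 Evergreen Terrace", "postal": "90210-1234"}  # constructed
```

A cardholder who has moved without updating the bank lands in the no-match branch, which is why a merchant may prefer routing that outcome to review rather than declining outright.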