Electronic payments and their security

Writer: Popova Anna

02.02.2024


Electronic payments are an integral part of e-commerce, and the security and convenience of their execution determine the existence of the entire e-commerce world.

According to research, online sales worldwide exceeded $5.2 trillion in 2021, and experts predict further annual growth due to the increasing popularity of online shopping. According to statistics from the National Bank of Ukraine, approximately 446 million payments are made each year, with a total amount of over 57 trillion hryvnia. This figure increases every year in both quantity and total amount. The statistic covers only electronic payments conducted in the NBU system and does not take alternative methods into account.

Available online payment methods

Depending on the payment system, different payment methods are offered, which also depend on the country. In general, the following methods can be identified for making online payments:

  • Payment via electronic wallets - services that provide storage of users' electronic money, which have a real equivalent and allow for non-cash payment online (an example of an electronic wallet is PayPal).
  • Mobile payments made through Apple Pay or Google Pay. The main advantage of these payments is their speed and the absence of the need to enter additional data.
  • Payments made through online banking, where the operator is a bank that serves as a guarantor of the security of such transactions. The bank may use dynamic passwords or callbacks to confirm the identity of the payer.
  • Payment made through credit and debit cards such as Visa or Mastercard.
  • Operations using cryptocurrency wallets. This method is becoming increasingly popular due to the high level of reliability and the ability to maintain confidentiality.

Implementing cashless payments requires the integration of payment systems on the website. Information on the concepts, features, and differences of payment systems can be found in our other article at the link.

Issues with Electronic Payments

There are three main categories of problems related to electronic payments:

  • Issues related to the convenience of implementation;
  • Issues related to the convenience of conducting payments; and
  • Issues related to security.

However, the first two groups of problems can be effectively addressed by the availability of alternative methods. Payment systems with ready-made solutions can be selected, making implementation and payment methods more convenient. In particular, selecting a payment system that allows payment by preferred means can help to address convenience-related issues.

Unauthorized Data Usage

This refers to the use of data by fraudsters. Cyber-attacks on e-commerce sites with the aim of obtaining personal data from users have become a common occurrence. This can happen if companies are unable to provide an adequate level of security for their customers' personal information. To address this, the use of SSL/TLS certificates is mandatory to protect data transfer, and firewalls are used to protect against attacks. Two-factor authentication is also a desirable additional security element. It is recommended to conduct systematic audits and security monitoring to identify potential threats, as thieves continue to improve their methods and technologies.

Fake Pages and Websites

For some time now, criminals have been initiating thefts of user funds by using fake websites that mirror the original bank's pages. This can be implemented as a site or as a separate page that supposedly leads to payment for goods. The payer, who suspects nothing, enters secret data from their personal account, which allows fraudsters to withdraw funds. It is important to provide information to users about proper website usage. Users must clearly understand how payment is made on the site and be able to distinguish fake pages from the original ones.

Incorrect Fund Deductions Using the 3-D Secure Protocol

When using the 3-D Secure protocol, there may be issues with the incorrect deduction of funds.

Fraud with 3-D Secure

Criminals have learned to manipulate this mechanism for their own purposes. 3-D Secure is used on the payment confirmation page. In fact, the presence of this protocol reduces the risk of fraud, but it is still vulnerable.

In this scenario, the user visits a fake online store page and ends up on a fake payment confirmation page, where they enter their payment information. At this point, the server initiates a call to 3-D Secure; the bank operator does not consider the operation suspicious, does not flag it, and debits the user's account.

Practical steps to enhance the security of online payments

  1. Verification of IP and payment address. If the verification service detects that the customer's IP address does not match the address of the credit card, the transaction may be considered unsafe, which can help prevent fraud.
  2. High password requirements for users. To gain access to user data, fraudsters may try to hack into their accounts by guessing their passwords using birth dates or simple combinations of numbers. Therefore, the more complex the password, the higher the level of protection.
  3. Compliance with SCA. Strong Customer Authentication requires payment card issuers to use several methods to confirm identity during transactions.
  4. Implementation of payment tokenization. This helps de-identify the user's confidential payment information by transforming it into a combination of random numbers. This protected information is then transmitted during the payment process.
  5. Use of encryption protocols. Transport Layer Security and Secure Sockets Layer are cryptographic protocols that guarantee secure data transmission. Confidential information is encrypted and only accessible to the recipient.
  6. Use of specialized payment gateways. Website owners can use payment gateways to detect and manage fraud. Algorithms and detection requirements are based on the specific situation and acceptable level of risk. They can reject transactions or require additional confirmation.
  7. Continuous monitoring of the situation. Fraudsters are constantly improving their methods, so to exclude the possibility of unauthorized online payments it is important not only to implement security technologies but also to stay aware of new methods used by criminals.
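
Steps 1 and 6 can be combined into a simple gateway-side check, shown here as an added example that is not taken from this article or from any real gateway. The geolocation table is constructed from documentation-only IP ranges, and the amount and declined-attempt rules, the weights and the thresholds are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed geolocation data: documentation-only ranges (RFC 5737).
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "UA",
    ipaddress.ip_network("198.51.100.0/24"): "PL",
    ipaddress.ip_network("203.0.113.0/24"): "BR",
}

@dataclass
class Payment:
    ip: str
    billing_country: str
    amount: float
    failed_attempts: int  # recent declined attempts for this card

def ip_country(ip: str):
    """Return the country for an IP, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for network, country in GEO.items():
        if addr in network:
            return country
    return None

def assess(p: Payment, review_at: int = 30, reject_at: int = 70):
    """Score a payment. The thresholds encode the acceptable level of risk."""
    hits = []
    country = ip_country(p.ip)
    if country is None:
        hits.append(("ip_location_unknown", 20))
    elif country != p.billing_country:
        hits.append(("ip_billing_mismatch", 40))  # step 1 of the list
    if p.amount >= 1000:
        hits.append(("high_amount", 20))          # assumed rule
    if p.failed_attempts >= 3:
        hits.append(("repeated_declines", 30))    # assumed rule
    score = sum(weight for _, weight in hits)
    reasons = [name for name, _ in hits]
    if score >= reject_at:
        decision = "reject"
    elif score >= review_at:
        decision = "require_confirmation"  # e.g. an extra authentication step
    else:
        decision = "approve"
    return decision, score, reasons
```

A mismatch on its own leads to additional confirmation rather than rejection, since travellers and VPN users legitimately pay from other countries; it takes several signals together to reject.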



