Risk management and card payments

Svea Payments is responsible for it's card payment service complying to the PCI DSS data security standard also for the part where the service is outsourced for example to a technical service provider handling card information. The web store is in turn responsible for the data security in the web store according to the PCI DSS data security standard.

The risks in distance sales are different from those in physical trade or commerce. Reliable verification of the buyer is a challenge to the merchant because the debit or credit card and buyer are not physically present. A product or service that can be easily exchanged for money, is valuable and can be quickly resold also attracts criminals.

Verification services Verified by Visa and MasterCard SecureCode

All web stores who accept card payments through the services of Svea Payments are automatically connected to the verification services of Verified by Visa and MasterCard SecureCode. The verification services are strong authentication services that have been developed by international card companies Visa and MasterCard and improve security. Both parties to the payment are verified at the moment of purchase: the web store and buyer (if the card used by the buyer is connected to the verification services).

In a verified transaction the debit or credit card is identified in connection with a payment made in the web store with separate passwords by the issuer of the debit or credit card. The use of verification services reduces the merchant’s risks because a card holder registered for the service can be identified reliably. Merchant instructions and terms of Euroline AB and card companies valid at the time shall be applied to the verification services. A fraudulent transaction shall not be charged from the merchant if the card holder has been identified in the transaction using the verification services.

Track card transactions

To prevent abuse, the merchant should also critically monitor the quality and quantity of transactions at his or her places of business, as well as the information of card holders related to the transactions. Abnormal data can include abruptly increased sales volumes, sales to a market area in which the merchant did not previously have sales, or unclear and insufficient data of the buyer. If a merchant suspects the misuse of debit or credit cards or card numbers at his or her place of business, Svea Payments must be notified immediately.

Svea Payments sends an email to the merchant about all unverified card payments by default and in addition the information about verification of the card transaction can be seen in the Extranet–service.

Svea Payments risk management tools

The risk management tools provided by Svea Payments enable the reliable and efficient prevention of fraud in distance sales, and help the merchant identify possible cases of fraud even before sending the product or service. The risk management tools are available to all merchants who use Svea Payments credit or debit card payments without additional fees. A merchant can use the data from risk management tools to compare the country code of the issuer of the debit or credit card to the country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service given by the buyer.

If the country code, country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service differ from each other and/or the transaction is not verified, it is a good idea to review the order in greater detail before delivery and consider possibly contacting the buyer. The merchant can reject a transaction if he has justified reason for suspecting misuse. However, it should be noted that there may be a natural explanation for having different country code and delivery country information, for example the buyer may be on an assignment abroad, on student exchange, or be using a debit or credit card issued by a multinational bank.

The traffic lights of Svea Payments in risk management tools are green, orange and red. The green color verifies a card transaction in which no risk alerts have occurred. The orange color code portrays an unverified card transaction in which no other risk signals occurred (for instance all business card payments go to this category or the red category as unverified transactions). The red color code indicates an unverified card transaction in which the country code of the card issuer and the country code of the IP address of the buyer’s browser connection differ from each other.

How to check unverified card transactions

Select ”Only unverified card payments” from the Payment methods list on the Transactions page, and enter the interval of the period you want to review.

Select the transaction you want from the list of transaction by clicking on the payment ID / order number / reference number of the transaction in question and you are directed to the Transaction Information screen. The following data will be shown about card payments:

  • The country code of the issuer of the credit or debit card

  • The country code of the IP address of the buyer’s browser connection

  • Verification

  • The last 4 digits of the card number

  • The type of card

  • The category of the card