Card Payments and Risk Management

Card payments involve a certain level of risk for the webstore. The risks in distance sales are different from those in physical trade or commerce. Reliable verification of the buyer is a challenge to the merchant because the debit or credit card and buyer are not physically present. A product or service that can be easily exchanged for money, is valuable and can be quickly resold also attracts criminals. These risks can be managed with the help of Svea Payments risk management tools.

Verification services Verified by Visa and MasterCard SecureCode

Cards are sometimes used in frauds. All webstores that accept card payments through the services of Svea Payments are automatically connected to the verification services of Verified by Visa and MasterCard SecureCode. The verification services are strong authentication services that have been developed by international card companies Visa and MasterCard and improve security. Both parties to the payment are verified at the moment of purchase: the web store and buyer (if the card used by the buyer is connected to the verification services).

The use of verification services reduces the merchant’s risks because a card holder registered for the service can be identified reliably. 3DS Authentication aims to reduce the risk of fraud by requiring the buyer to verify their identity when using a card for payment. Identity can be verified by for example signing in to the buyer's online bank (often used in Finland) or with separate passwords by the issuer of the debit or credit card. Some cards, mainly foreign card or business cards, do not require 3DS Authentication. The fraud risk is higher when 3DS Authentication is not used.

Merchant instructions and terms of Bambora AB and card companies valid at the time shall be applied to the verification services. A fraudulent transaction will not be charged from the merchant if the card holder has been identified in the transaction using the verification services.

Track card transactions

To prevent abuse, the merchant should also critically monitor the quality and quantity of transactions in their webstore, as well as the information of card holders related to the transactions. Abnormal data can include abruptly increased sales volumes, sales to a market area in which the merchant did not previously have sales, or unclear and insufficient data of the buyer. If a merchant suspects the misuse of debit or credit cards or card numbers in their webstore, Svea Payments must be notified immediately.

Svea Payments sends an email to the merchant about all unverified card payments by default and in addition the information about verification of the card transaction can be seen in the Extranet–service.

Svea Payments risk management tools

The risk management tools provided by Svea Payments enable the reliable and efficient prevention of fraud in distance sales, and help the merchant identify possible cases of fraud even before sending the product or service. The risk management tools are available to all merchants who use Svea Payments credit or debit card payments without additional fees. A merchant can use the data from risk management tools to compare the country code of the issuer of the debit or credit card to the country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service given by the buyer.

If the country code, country code of the IP address of the buyer’s browser connection and the country of delivery of the product or service differ from each other and/or the transaction is not verified, it is a good idea to review the order in greater detail before delivery and consider possibly contacting the buyer. The merchant can reject a transaction if he has justified reason for suspecting misuse. However, it should be noted that there may be a natural explanation for having different country code and delivery country information, for example the buyer may be on an assignment abroad, on student exchange, or be using a debit or credit card issued by a multinational bank.

The traffic lights of Svea Payments in risk management tools are green, orange and red. The green color represents a card transaction in which no risk alerts have occurred. The orange color code portrays an unverified card transaction in which no other risk signals occurred (for instance all business card payments go to this category or the red category as unverified transactions). The red color code indicates an unverified card transaction in which the country code of the card issuer and the country code of the IP address of the buyer’s browser connection differ from each other.

The following data will be shown about card payments:

  • The country code of the issuer of the credit or debit card

  • The country code of the IP address of the buyer’s browser connection

  • Verification

  • The last 4 digits of the card number

  • The type of card

  • The category of the card

Skip to contents in this page