Helping businesses manage risk amidst the new normal of coronavirus

As online shopping increases, businesses must review their risk strategies to prevent fraud

By Michael Lemberger, SVP and Regional Risk Officer, North America

Diptych with woman looking at computer on left and sign that says pick up here on left


The world is in the midst of an unprecedented time navigating through a global pandemic. Unlike 1918, the world is a much smaller place today with more people traveling across states, countries and continents than ever before.

As consumers switch to a digital-first mindset, businesses are shifting the way they do business to meet consumer demand. Unfortunately, fraudsters do not take days off so business owners must ensure they have the proper risk strategies and security solutions in place to help manage risk.

There are a lot of factors and scenarios that need to be examined to adequately manage business risk — more than we can cover here. However, I’ve listed a few examples of risk strategies and security layers that business owners should be mindful of, as they resume business and build or enhance their online presence.


Buy Online Pickup In Store (BOPIS)
Consumers who have been sheltering in place are eager to go outside and business owners are anxious to re-open for business. However, anxiety among some shoppers and health ordinances by local governments will require businesses to adjust their operations to help mitigate the possibility of a second wave of infections.

For sellers with online and brick-and-mortar operations, “buy online, pick-up in store” (BOPIS) bridges the digital and physical by enabling consumers to order products online and pick them up from a retail location. BOPIS helps consumers avoid shipping fees and minimizes friction by enabling consumers to pick up their purchases whenever is most convenient for them. Some sellers offer curbside pick-up services so the customer never has to leave their car so they can practice social distancing and avoid possible crowds.

However, the benefits of BOPIS are not without risk. Sellers may be exposed to an increase risk of fraud because BOPIS transactions may contain less information for a business to assess risk such as a shipping address. Unlike conventional in-store transactions, a BOPIS transaction also does not benefit from the secure capture of payment data like chip-on-chip or tap-to-pay methods.

To help business owners avoid potential fraud while adopting the BOPIS model, Visa developed a best practices guide for fraud prevention strategies. The guide is available for free to clients and non-clients and can be downloaded here.


Visa Secure
For businesses selling goods or services online, Visa has developed a program that helps ensure that payments are made by the rightful owner of the Visa account, to make online purchases more secure. We aim to make your online transactions as secure, fast and convenient as purchases you make in a store. By working closely with participating merchants and issuers, Visa helps protect your card against unauthorized use when you shop online.

When you shop online and see the Visa Secure badge on participating merchant sites, this means your online purchases are secured with Visa. Whether you’re using a desktop, mobile or other digital device, you may be guided through an additional check to verify your identity. This helps your issuer know you’re really you, and it better protects you from fraud. 


Visa Token Service
Secure digital tokens help make digital transactions more secure by tokenizing both one-time and recurring payments made with Visa credentials. Tokenization replaces a cardholder’s 16-digit Visa account number with a token that only Visa can unlock, protecting the underlying card number from fraudsters.

In addition to enhancing security, tokenization also helps reduce friction in the payment process, because customers do not have to manually update stored card information if their Visa card is lost, stolen or expires. Instead, financial institutions can automatically update expired or compromised payment credentials. This can reduce missed payments for merchants, and help consumers avoid unwanted late payment fees or charges.

Since the launch of the Visa Token Service in 2014, Visa has added more than 150 global token requestors — including mobile and wearable manufactures, issuer wallets, online merchants, payment service providers and acquirers — from 137 markets onto the token platform. Visa recently announced participants in Visa Token Service (VTS) are estimated to process a combined digital payment volume of $1 trillion[1], marking a significant opportunity in its efforts to make digital payments more secure.


Visa eCommerce Threat Disruption
Among the long list of benefits business and financial institution clients enjoy as participants in the Visa global payment network is a suite of innovative security capabilities designed to help prevent and disrupt payment fraud. They are available to Visa clients at no additional cost or sign-up, but through Visa’s continued investments in intelligence and technology.

As part of the suite, Visa eCommerce Threat Disruption (eTD) is a proprietary solution that uses sophisticated technology and investigative techniques to proactively scan the front-end of eCommerce websites for payment data skimming malware. Identifying potential website compromises limits the amount of time malware might be present on a merchant website and significantly reduces exposure of customer and payment data. Visa fraud experts staff global Risk Operation Centers 24x7x365 and were recently credited for discovering a new JavaScript malware named Pipka that was used to skim payment data on ecommerce websites.   


These are just a few examples of Visa resources, solutions and benefits available to business owners. If you’re just starting to build your online business, checkout Five tips to get your business online by Carleigh Jaques, Senior Vice President and General Manager of CyberSource.




[1] This figure is a combination of actuals and PV estimates reported by Visa


Tag: Tokenization Tag: Fraud Tag: Payment Security Tag: Cybersecurity

The Visa Blog Newsletter

Sign up for the latest news and views from Visa