Siddique Hameed - Security for WooCommerce Payments

WooConf
April 07, 2016

Security for WooCommerce Payments

There is a huge gap between small businesses and their customers across the U.S. Over 90% of consumers are shopping online, yet only 28% of businesses have an online store. Businesses cite security and risk as some of the largest obstacles to selling online. Security for payments is continuously improving and evolving. In this presentation you will learn about the latest initiatives for providing a secure payments experience for your customers and your business. You will also hear best practices for managing risk from an expert in the payments industry.


Transcript

  1. Card Not Present (CNP) fraud is a major concern for U.S. merchants and is expected to grow. (©2016 MasterCard)

    • Seven times harder to detect and prevent card not present fraud vs card present transactions.
    • The U.S. is responsible for 47 percent of the world’s card fraud despite only accounting for 24 percent of total worldwide card volume.
    • Online CNP fraud has increased by 120% in past decade.
    Source: 1. TBD
  2. How your business is at risk

    Making sales is a must, but you can’t afford to fall victim to fraud.
    • 42% of US merchants who sell online are reporting increased CNP fraud (3)
    • 32% increase in fraudulent transactions from H2 2013 to H1 2014 (1); 1 in 86 transactions were fraudulent
    • 254% increase in fraud attempts on digital goods in Q3 of 2015 (2)
    Source: 1. ACI Worldwide, 2. Forter Global Fraud Index, 3. The Strawhecker Group
  3. Transaction Security

    Transaction flow:
    • Cardholder submits MasterCard account to merchant
    • Merchant’s bank asks MasterCard to determine cardholder’s bank
    • MasterCard validates and approves sending to issuer’s bank for purchase approval
    • Issuer’s bank approves the purchase
    • MasterCard sends approval to merchant’s bank
    • Merchant’s bank sends approval to Merchant
    Slide labels: Tokenization; AVS/CVC Checks; Velocity Checks; Avoid Data Breach; Avoid Fraudulent Card Use; Location Checks
  4. SSL at Transport Layer

    GET /security/getme.php?name=Rahul&submit=submit HTTP/1.1
    Host: www.rahuldeshpande.net
    Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.65 Safari/537.36
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8

    https://www.rahuldeshpande.net/security/getme.php?name=Rahul
    http://www.rahuldeshpande.net/security/getme.php?name=Rahul
  5. PCI Exposure - sensitive data

    Diagram labels: Your website (server); Customer (browser); Payment Gateway; Credit Card Information; Credit Card Information
  6. AVS/CVC: Address Verification Service / Card Verification Codes

    • Lower fraud
    • Chargebacks
    • Higher approval rate
    • Flag potential issues with orders
  7. Location Checks for Fraud

    • Billing vs. Shipping address
    • IP address vs. billing
    • Person using a proxy
    • Known networks
    • IP location – country
    • Which country the card is registered
  8. Velocity Checks for Fraud

    • Number of payments by the same card
    • IP address
    • Device
    • Email
    • Number of payments
  9. Start accepting payments now. It’s that simple.

    • Merchant account
    • Instant acceptance
    • Built by MasterCard
    Simplify Commerce
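
The velocity checks listed on slide 8, as an added example that is not part of the original deck: a sliding-window counter of payment attempts per card, IP address, device and email. The window length, limits, field names and sample payments are assumptions constructed for illustration; the card is represented by a gateway token so the checker never stores card numbers.

```python
from collections import defaultdict, deque

WINDOW = 600  # seconds; assumed value, tune per store
LIMITS = {"card": 2, "ip": 3, "device": 3, "email": 2}  # assumed max attempts per window

class VelocityChecker:
    def __init__(self, limits=LIMITS, window=WINDOW):
        self.limits, self.window = limits, window
        self.seen = defaultdict(deque)  # (dimension, value) -> attempt timestamps

    def check(self, p):
        """Record one payment attempt; return the dimensions over their limit."""
        flagged = []
        for dim, limit in self.limits.items():
            value = p.get(dim)
            if not value:  # e.g. no device fingerprint: skip, do not pool under None
                continue
            if dim == "email":  # "A@Example.com " and "a@example.com" are one payer
                value = value.strip().lower()
            q = self.seen[(dim, value)]
            while q and q[0] <= p["ts"] - self.window:  # drop attempts outside the window
                q.popleft()
            q.append(p["ts"])  # declined attempts count too
            if len(q) > limit:
                flagged.append(dim)
        return flagged

# Constructed sample: "card" is a gateway token (hypothetical format), never a card number.
SAMPLE = [
    {"id": 1, "ts": 0, "card": "tok_A", "ip": "203.0.113.7", "device": "dev1", "email": "a@example.com"},
    {"id": 2, "ts": 60, "card": "tok_B", "ip": "203.0.113.7", "device": "dev1", "email": "b@example.com"},
    {"id": 3, "ts": 120, "card": "tok_C", "ip": "203.0.113.7", "device": "dev1", "email": "c@example.com"},
    {"id": 4, "ts": 180, "card": "tok_D", "ip": "203.0.113.7", "device": None, "email": "d@example.com"},
    {"id": 5, "ts": 200, "card": "tok_A", "ip": "198.51.100.2", "device": "dev2", "email": "A@Example.com "},
    {"id": 6, "ts": 300, "card": "tok_A", "ip": "198.51.100.3", "device": "dev3", "email": "a@example.com"},
    {"id": 7, "ts": 1000, "card": "tok_A", "ip": "198.51.100.3", "device": "dev3", "email": "z@example.com"},
]

def run_sample():
    vc = VelocityChecker()
    return {p["id"]: vc.check(p) for p in SAMPLE}

if __name__ == "__main__":
    for oid, dims in run_sample().items():
        print(oid, "REVIEW " + ",".join(dims) if dims else "ok")
```

Payment 4 trips the IP limit (four different cards from one address), payment 6 trips the card and email limits, and payment 7 passes because the earlier attempts have aged out of the window.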