Posted by Uni Bul.

How to Protect E-Commerce Merchant Accounts from Intrusion



There are several weak links in an e-commerce merchant account that are typically targeted by criminals looking to steal card account information. Recognizing where these weak spots are and understanding how to beef up your fraud prevention and data security mechanisms will help keep the bad guys at bay.


Among the favorite targets for cyber criminals looking for credit card data are an e-commerce website’s shopping cart and the payment gateway that connects it to the merchant’s processing bank’s system. Criminals usually attack web-based merchants that use weak or generic passwords. Once they gain access to the merchant account, they start processing fraudulent debit and credit transactions. The fraudulent sales are usually equal or similar in total amount to the deposited credits, so that they offset each other. This is done in an effort to avoid detection by deposit-volume monitoring.


To keep your e-commerce merchant account safe, apply the following best practices:

  • Conduct daily monitoring of authorizations and transactions. In particular, you should check daily for the following:
    • Authorization-only transactions. An unusually high number of authorization-only transactions could indicate that your website is being tested for vulnerability.
    • An unusually high number, average size, or volume of credit transactions. This could be an indication of fraud.
    • Identical or similar transaction amounts.
    • Transactions that do not include customer identification information.
    • Multiple transactions from the same Internet Protocol (IP) address.
    • Transactions with similar account numbers. Such credit card accounts may have been generated by software for generating fraudulent account numbers (e.g. CreditMaster).
    • Multiple transactions made using a single account within a short period of time. This is a typical sign of fraud where a criminal is attempting to run up as many charges as possible within the limited time he or she has before the stolen account is blocked.
  • Monitor your daily batches. In particular:
  • Create a strong password for your payment gateway and change it regularly. For best results you should:
    • Use a combination of letters and numbers with a minimum of six characters.
    • Make sure that the log-in ID and password are different.
  • Maintain compliance with the requirements of the Payment Card Industry (PCI) Data Security Standard (DSS). PCI DSS is specifically designed to help merchants with their data security management, policies, procedures, network architecture, software design and other protective measures. There are 12 mandatory standards built around several core principles: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks and maintaining an information security policy.
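The daily authorization and transaction checks listed above can be scripted against a gateway export. The following is an added example, not code from the original post; the record layout, the thresholds and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FIELDS = ("time", "type", "amount", "card", "ip", "customer")
# Constructed sample batch; card numbers, IPs and names are made up.
SAMPLE = [
    ("09:00", "auth_only", 1.00, "4000001234560001", "203.0.113.7", ""),
    ("09:01", "auth_only", 1.00, "4000001234560002", "203.0.113.7", ""),
    ("09:02", "auth_only", 1.00, "4000001234560003", "203.0.113.7", ""),
    ("10:15", "sale", 42.50, "5100009876540011", "198.51.100.4", "A. Buyer"),
    ("11:00", "sale", 500.00, "4111110000002222", "192.0.2.9", "B. Buyer"),
    ("11:03", "sale", 480.00, "4111110000002222", "192.0.2.9", "B. Buyer"),
    ("11:05", "sale", 20.00, "4111110000002222", "192.0.2.9", "B. Buyer"),
    ("16:30", "credit", 1000.00, "5100005555550033", "192.0.2.9", "C. Payee"),
]

def review_batch(txns, max_auth_only=2, max_per_ip=2, repeats=3,
                 prefix_len=12, burst=3, window=timedelta(minutes=10)):
    """Return {flag: details} for one day's transactions (thresholds are assumptions)."""
    rows = [dict(zip(FIELDS, t)) for t in txns]
    flags = {}
    auth_only = sum(r["type"] == "auth_only" for r in rows)
    if auth_only > max_auth_only:
        flags["auth_only_spike"] = auth_only
    # Fraudulent sales are sized to offset fraudulent credits and hide from volume checks.
    sales = sum(r["amount"] for r in rows if r["type"] == "sale")
    credits = sum(r["amount"] for r in rows if r["type"] == "credit")
    if credits and abs(sales - credits) <= 0.05 * credits:
        flags["credits_offset_sales"] = (sales, credits)
    amounts = Counter(r["amount"] for r in rows)
    if same := sorted(a for a, n in amounts.items() if n >= repeats):
        flags["repeated_amount"] = same
    if missing := sum(not r["customer"] for r in rows):
        flags["missing_customer_info"] = missing
    ips = Counter(r["ip"] for r in rows)
    if busy := sorted(ip for ip, n in ips.items() if n > max_per_ip):
        flags["busy_ip"] = busy
    by_prefix, by_card = defaultdict(set), defaultdict(list)
    for r in rows:
        by_prefix[r["card"][:prefix_len]].add(r["card"])
        by_card[r["card"]].append(datetime.strptime(r["time"], "%H:%M"))
    # Distinct cards sharing a long prefix suggest software-generated account numbers.
    if similar := sorted(p for p, cards in by_prefix.items() if len(cards) >= 3):
        flags["similar_card_numbers"] = similar
    # A burst is `burst` or more uses of one card inside `window`.
    if hot := sorted(c for c, ts in by_card.items() if any(
            b - a <= window for a, b in zip(sorted(ts), sorted(ts)[burst - 1:]))):
        flags["card_burst"] = hot
    return flags
```

Calling `review_batch(SAMPLE)` returns one entry per triggered check; an empty dict means nothing in the batch crossed a threshold.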


What else has worked for you in protecting your merchant account from intrusion? Share your experience in the comments below!


Image credit: Bounceenergy.com.
