PCI Security Related: How to authenticate large credit card transactions?

Posted on 2011-02-14
Medium Priority
Last Modified: 2012-05-11
This one is a little off the beaten path for EE - but hey nothing ventured..

We take some very large credit card transactions over the phone for our services, e.g. $50,000 for a single transaction.  In order to authenticate the person we typically require the customer to fax in a copy of their driver's license and the credit card.  I was hoping a security pro might be able to advise on another method of verifying that the customer is who they say they are and is authorized to use that particular credit card.  Thank you.
Question by:amigan_99

Accepted Solution

RobertParten earned 1000 total points
ID: 34890547
Have you checked with your Credit Card Processing company to see if they offer other mechanisms? A lot of banks offer a number to businesses that allows you to verify identity. Otherwise, I would check with your credit card processing company for further detail.

Assisted Solution

ChopperCentury earned 1000 total points
ID: 34890698
Other than all the typical checks you would perform, there is really no way to validate that the person ordering is the actual card holder. Even people who pass the AVS check and CVV code can still be fraudulent. With the volume of cash you are risking in the sale, you are being very diligent with requiring a faxed DL. There will always be that one fraudster that gets by, and when gambling with those high transactions, you typically reflect to your organizational risk assessment for guidance.

Author Closing Comment

ID: 35010503
Thank you for the ideas.
