Leading online payment security measures for ecommerce

Online business is booming. And so is cybercrime. It’s easy to think that stolen or compromised data is something that happens to other people. Many ecommerce shops have found out the hard way that one well-publicised data breach is enough to destroy an otherwise thriving business.

Even though customers are becoming more and more comfortable shopping online, a 2022 Business Wire survey found that 59 percent of consumers in Europe were more concerned about becoming a victim of online fraud than they were a year ago.

At the same time, customers want a fast, hassle-free checkout experience. Your conversion rate depends on it.

Read on to find out how you can make sure your ecommerce shop can minimise risk while maximising conversion.

Are online payments more secure?

Depending on the country, ‘card not present’ fraud accounts for 70 to 80 percent of all credit card or debit card fraud activity. ‘Card not present’ means unauthorised use of card details to make a purchase without the physical card. About 90 percent of card details are sourced thanks to email phishing scams directed at your customer or people that work for you.

To add some context, in 2019, the latest year for which the European Central Bank has published statistics, ’card present’ and ‘card not present’ fraud accounted for 0.036 percent of all card transactions in Europe. In percentage terms, it doesn’t sound like much, but in Euros, that works out to €1.87bn.

The best ways to provide secure online payments

In recent years, governments and card companies like Visa and Mastercard have rolled out new security protocols to help reduce the ease with which fraudsters can make ‘card not present’ purchases.

They have also put the responsibility for fraudulent payments on payment service providers rather than ecommerce shops. This means that for the most part, providing a safe cart checkout process for your customers is as straightforward as choosing a payment service provider, like Mollie, that is not only compliant with European and international security regulations, but committed to reducing fraud wherever possible.

Let’s take a look at the anti-fraud protocols currently in place in Europe. 


The Payment Card Industry Security Standards Council is a global non-government body created by payment card companies like Visa, Mastercard, and JCB. The board also has representatives from European payment methods.

PCI Data Security Standard (PCI DSS) is a set of 12 regulations any business wanting to process, store or transmit card data is required to follow. In an ecommerce context, this is usually your payment gateway, payment processor, or payment service provider.

PSD2 and Strong Customer Authentication (SCA)

This EU directive came into force in 2018 as a means of levelling the playing field between traditional banks and fintechs like Mollie. All PSPs operating in Europe must be PSD2 compliant and use SCA in each transaction to help reduce fraud and the chances of a data breach. 

Like PCI DSS, it is the responsibility of your PSP to implement PSD2 and SCA protocols. Your job when choosing a PSP is to make sure they are actually doing so.

AI-assisted fraud monitoring

It is impossible to manually review each transaction for fraud. Fortunately, banks, fintechs, and other players in the payments space have developed sophisticated fraud detection tools that use AI to make decisions about accepting or declining a payment. This is why you might have your card declined when you’re travelling if you haven’t bought an airline ticket or a corresponding hotel stay with that card.

There are also tools available for your store’s backend to help determine which customers are doing multiple chargebacks, have missed payments, are purchasing multiple items below a certain threshold, or are making a number of purchases in a very short amount of time. The more checks you have in place, the more customers will be rejected. It’s up to you to determine the right balance of risk mitigation and conversion for your business.

Strong and unique passwords

Even though the fraud prevention burden in the payment processing part of the transaction is borne by your PSP, there are still things you can do in your shop’s back end to further protect your customers.

One of the main things is to require a strong and unique password. Passwords that are easy to guess are vulnerable to phishing attacks and hacking. Requiring customers to choose passwords with at least eight characters, a mix of upper and lowercase letters and at least one number and at least one special character will make it much more difficult for thieves to gain entry.

SSL protocols 

SSL protocols are not really something you have to do, as much as it’s something you should know about. Since 2018, all websites are obligated to implement the Secure Sockets Layer (SSL) security protocol, which encrypts information between your website and the browser.

(You may have noticed this in the URL of websites: HTTPS instead of the old HTTP).

As of 2022, 95 percent of all web traffic that goes across Google is encrypted, including all the common ecommerce platforms, PSPs, payment gateways, and payment processors. If you buy a new URL to start your business, you’ll get an SSL certificate as standard. 

Enjoy a seamless online payment processing experience with Mollie

Mollie helps businesses take payments online securely without compromising on UX or conversion. We are proudly PSD2, SCA, and PCI DSS compliant. Try Mollie out and see for yourself how sales and security work together to help your business grow.

Get better payments now.