Merchant online payment security

Merchant online payment security

While the growth of digital commerce creates great opportunity for businesses, dealing with online payments also carries increased risk of fraud. Payment security solutions help to reduce the risk. Learn the basics here.

What does payment security mean?

Payment security solutions protect both you and your customers; fighting fraud and keeping payment data safe and secure.



Providing secure online payments



Theft, fraud and compromised data can impact everyone involved. These compliance standards and secure payment systems and solutions can help protect both you and your customers:


Payment Card Industry (PCI) compliance


The Payment Card Industry Security Standards Council (PCI SSC) helps merchants
understand and implement security policies, technologies and processes to
protect payment systems from cardmember data theft.


Payment Card Industry Data Security Standard (PCI DSS) is the global standard adopted by all organisations that process, store or transmit cardmember data and sensitive authentication data. If you accept or process payment cards, this will apply to


Keeping Cardmember information safe and secure is an important part of your agreement to accept American Express payments. Find out more on The Data Security
Operating Policy here
. Or go straight to the PCI DSS Quick Reference Guide.


Strong Customer Authentication (SCA)


Payment Service Directive 2 (PSD2) was introduced in January 2018, designed to elevate online transaction security. As a result, all ecommerce transactions must

comply with SCA as of 1 June 2021, meaning payment issuers will need transaction
authentication confirmation from the cardmember, gathered using 3D Secure


SCA technology reduces the chances of fraudulent transactions (for both you and the
cardmember) and transfers liability from you to your customer’s card issuer. If
your online card payment checkout does not meet the new legal SCA requirements,
customers may not be able to buy from you.


Discover SafeKey, our answer to SCA, below. 


3D Secure


3D Secure provides an extra layer of security when you take payments online.
Customers are redirected to a 3D secure page owned by the card issuer, where
they’re asked to verify their identity through a push notification or by
entering a code or PIN to validate payment.  


Secure Sockets Layer (SSL)


SSL or Transport Layer Security (TLS) encrypts sensitive Cardmember data. When implemented, you’ll see a little green padlock in the web address bar at checkout.


Address Verification Service (AVS)


AVS allows you to check your customer’s billing address and postcode against the
details held by the payment provider, to reassure you that the person making
the transaction owns the card. 




American Express SafeKey 2.0

SafeKey is our SCA solution. It uses 3D Secure technology to detect and reduce online
fraud, and transfers liability for fraud chargebacks on SafeKey-authenticated
and attempted transactions to the Card issuer (us at American Express). It works
in the background as purchases are made on your site, enabling real-time
information exchange with us to reduce verification prompts (while being just
as secure). This streamlines the online payment process for customers and so
can also prevent basket abandons – win, win.


If SafeKey picks up anything unusual, like a pricey purchase from a new device,
the Cardmember will be asked to provide authentication. 


Express list


SafeKey’s Express List keeps online shopping simple and secure for your customers. If your business is eligible, Cardmembers can add you to a trusted list, which allows us to verify their payment without sending a code, push notification or asking for part of their PIN. 

Start accepting American Express Card payments


Start accepting American Express on your e-commerce site by giving us a call on 0800 339 911 (Monday to Friday, 8:00 to 18:00), or request a call back from one of our Sales Representatives. 


Further ways to reduce your risk of fraud


When combined with secure payment solutions and systems, simple everyday vigilance could help you reduce the risk of fraud. Watch out for the following warning signs: 


  • Different delivery and billing addresses
  • Orders placed for a large number of identical high-value items      
  • A request for immediate or overnight delivery of expensive items   
  • Visibly altered or damaged Cards (if accepting payment in person)

If you’re suspicious of a Card or the person paying with it, call American Express® Card Authorisations & Fraud on 020 8551 1111. Please have your American Express Merchant number to hand and be prepared to answer security questions.


Useful links

Woman looking at laptop

Accepting Credit Card payments online

Do you sell your products or services online? Here’s why e-commerce businesses should accept Credit Cards.

 Woman at table paying using phone on contactless terminal

Accepting Credit Card payments in store

Here’s how accepting Card payments in store could help grow your business.


 Man sitting at table and paying using phone on contactless terminal

How to take online payments

Discover how online payments work and how to get set up.


Don't Do Business Without It