From a fraud prevention perspective, which practice should be implemented during a user's checkout flow?

Collecting specific data such as the Card Verification Code (CVC) and ZIP code during the checkout flow is crucial for enhancing fraud prevention. These data points serve as security measures that help verify the legitimacy of the transaction and the identity of the cardholder. The CVC is an additional security feature that is not stored on the card's magnetic stripe, making it harder for someone to use stolen card information without physical possession of the card. Similarly, the ZIP code can verify the billing address associated with the card, providing another layer of security.

Incorporating these practices allows businesses to better assess the risk of a transaction and to reduce fraudulent activities, as they require more than just the card number for successful payment authorization. This approach aligns well with industry best practices for online payment processing and is widely supported by payment gateways, including Stripe.

Conversely, avoiding the collection of user data would significantly increase the risk of fraud, while saving all payment methods could expose a business to data security risks if not managed properly. Implementing a delay on transactions can complicate the user experience and potentially lose sales opportunities, making it a less favorable approach for immediate fraud prevention in the checkout process.