Card Not Present Fraud
Shopping online has grown significantly over the last decade. From a business perspective it offers access to new customers and markets and offers customers flexible ways of shopping that suits their lifestyle.
Accepting cards remotely poses retailers with a challenge. For most businesses offering an e-commerce option is now essential but with neither the card nor the cardholder present when the transaction takes place – how do you know the transaction is genuine?
There are a number of tools and techniques that can be utilised by retailers when selling remotely to build up a profile of their customer, authenticate the cardholder and ensure they receive payment securely. Without these measures, retailers are at increased risk of becoming victims of remote purchase fraud.
- In advance of offering your customers internet, mail or phone order options it is important to ensure that you have the correct terms in place with your Card Processor. Be aware that if you are a face-to-face business, you cannot simply start accepting cards over the internet without revising your terms with your card processor).
- Liability for fraudulent card not present (CNP) transactions – remember you can be held financially accountable for an unsecured fraudulent transaction, even if the card issuer has provided an authorisation code during the sale. The authorisation from the card issuer confirms the funds are available to cover the sale amount and that the card was not reported lost or stolen at the time of the transaction. It is the retailer’s responsibility to ensure that the genuine cardholder is carrying out the sale.
- It should be noted that merchants who accept CNP card sales in a 3D Secure environment are much more secure and are protected against fraud-related chargebacks.
- Always check the credentials of new customers, particularly if placing a high value first order or making multiple orders in a short timeframe.
- Be particularly careful if the goods purchased are of a high value and easily re-saleable as this makes them more likely targets for fraudsters.
- Be wary of unusually large or high value orders or orders that are being delivered to countries you would not normally do business with.
- Obtain a landline number where possible because mobile numbers may not be verifiable.
- Be cautious of rush orders, collections or last minute changes in delivery address. Criminals often create a time pressure so that you do not have time to carry out normal checks.
- Check records of previous orders for anomalies or suspicious trends. Watch out for the same card number being used with different delivery addresses, the same delivery address/contact number being used with different card numbers or orders that don’t make sense e.g. much larger or more frequent orders than you would typically expect.
- Check the delivery address is valid. The electoral register can be helpful in this regard for personal customers and business directories for business customers. Deliveries to PO boxes should be avoided.
- If a purchaser calls to collect the goods in person, ask to see the card that was used in the purchase. Collections by taxi, courier or other third parties are not recommended.
- Ensure all staff including those on temporary or part-time cover are familiar with what to watch out for.