Online sales, telephone sales, and mail-order sales all present opportunities for fraudsters to commit Card Not Present (CNP) fraud. It’s important for merchants to recognize that this prevalent form of fraud is not confined to online sales. Any transaction during which the customer with their payment card is not present is at risk for CNP fraud.
Whereas merchants are focused on the risks of fraud and theft to their online sales model, it’s important that equal vigilance is paid to telephone and mail-based orders. The same technologies used to validate, authenticate, and verify credit card details during an online sale must also be applied to these earlier established forms of sales.
Real CNP Fraud in Action
To stop CNP fraud, merchants must know how it happens. Understand that you are the first line of defense against CNP fraud. Don’t presume that because CNP fraud hasn’t happened to you yet that it won’t happen. This general negligence in the payment space enables fraudsters to continue with their criminal behaviors.
- Stolen credit card details. Criminals acquire stolen credit card information to make fraudulent online purchases. Often the criminal does not have all of the credit card details, such as the CVV number or full address.
- Card testing. Fraudsters make small purchases with stolen credit card details to test this data. When the data works, the criminal follows this up with large purchases from the same merchant. These sales are not flagged because the cardholder is now known to the merchant.
- Diverted delivery. Fraudsters have the delivery sent to an address that is not connected to the credit card. Because the address verification service (AVS) does not review the entire address, the address mismatch can be missed.
- Online skimming. Criminals prey on security flaws in online payment solutions and hack customer data. Often complete customer details including passwords, phone numbers, and order history are stolen – enabling the criminal to mimic the customer.
- Fraudulent gift cards. Using stolen credit card details, criminals buy gift cards and then use these gift cards to make purchases or sell these gift cards to other criminals.
The 2016 LexisNexis True Cost of Fraud Study highlighted that U.S. merchants experienced an 8% increase from 2015 in the dollar cost of fraud loss. This means that for every dollar lost due to fraud, merchants are actually losing $2.40 to chargebacks, fees, and reinvestment for replacement of lost products or services.
Merchants are hit with loss of inventory, chargeback fees, increased issuer and acquirer fees, cost of product delivery, labor-related costs to fulfilling the order, and loss of revenue. Not to be overlooked in this true cost of fraud is the damage to brand reputation and how this fraud impacts merchant standing with credit card issuers.
Detecting CNP Fraud in Action
In its March 2017, Card-Not-Present Fraud Around the World study, the US Payments Forum collected data on how merchants use technology to detect and prevent CNP fraud. As part of their study, the US Payments Forum included data collected by the 2015 Merchant Risk Council Global Fraud Survey.
Highlighted in the US Payments Forum study is that according to the Merchant Risk Council survey, most merchants rely on the credit card CVV and blacklists, or negative lists, to authenticate purchases. Additionally, surveyed merchants plan to incorporate 3D Secure, device fingerprinting, and email address verification to their authentication methods.
This speaks to the need for merchants to look beyond one type of fraud detection and focus on implementing a true multi-layered approach. As emphasized earlier, criminals use a number of methods to commit CNP fraud, relying on various flaws and technology gaps to allow them to succeed. For example, while CVV is an effective way to prevent purchases by stolen credit card details, it is not the most effective method for stopping diverted delivery or card testing.
Card Not Present merchants—including merchants who sell via telephone and mail—must use the latest in fraud detection technology. The key is in using the right technology at the right time in the right way. This correct application of fraud detection technology requires proven fraud detection solutions and first-hand experience.
We urge you to review these fraud detection technologies:
- Geolocation. Verify the location of the customer with the actual location of the active card.
- Biometric analysis. Compare the customer’s fingerprint with that of the cardholder.
- Address verification service. The issuer compares the addresses provided during the transaction.
- CVV. Additional credit card security code required during the final payment authorization.
- IP Intelligence. Deep analysis of the IP address used for the transaction to monitor possible risks associated with this location.
- Device intelligence. Deep packet inspection and proxy piercing capabilities to expose specific identifying details of the connected device submitting the transaction.
- 3 Domain Secure. A cardholder authentication protocol for e-commerce transactions and CNP purchases.
- Merchant co-op. New orders are compared against millions of orders taken by other merchants.
- SSL. Secure encrypted communication protocols between devices and payment solutions.
Just as you rely on more than one marketing approach to promote your business, it’s necessary to layer fraud detection approach to protect your business. Stand up to Card Not Present fraud and know that with expert advice and proven technologies, you can ensure you’re not losing out to CNP fraud.