In addition to the obvious threat to revenue, CNP fraud also poses a risk to brand reputation.

The threat of online fraud continues to be of great concern to consumers, with a recent Associated Press poll showing 58 percent have “deep concerns” about their personal data in online transactions. In response, merchants have banded together with financial institutions to safeguard data. Merchants that ignore this consumer concern do so at their own peril.
Here are a few considerations for CNP merchants to arm themselves for fighting CNP fraud:

  • Listen to Goldilocks on Fraud Prevention – be fluid use the right tools for your business
  • Consider using biometrics, enhanced 3D Secure technology, and tokenization of data.

The increased risks of omnichannel commerce require attention to great care from merchants. Finding the right combination of fraud prevention and protection without turning away sales or impacting customers is a balancing act that takes time and fine-tuning. When you finally find the right balance in your fraud prevention methods, Frank Stornello, Chief Marketing and Strategy Officer at Verifi, states that three things happen:
“First, from an ROI perspective, you don’t eat as much fraud. Second, you take more orders because you can be more accurate in determining who is high-risk and put those customers into buckets with more stringent screening. Finally, you can automate more of your order processing so that it takes fewer people to manage fraud.”
Challenges of omnichannel commerce
With the increase in omnichannel e-commerce, new demands are being placed on merchants to have a responsive and dynamic sales and merchandising system. Now, consumers expect this convergence of physical and digital commerce. When the process fails to meet their expectations, they are quick to find a merchant who can give them exactly what they want and when they want it.
Customers want a seamless experience. They want to find the item or service quickly with minimal human interaction, order it and pay for it with a few clicks, and have it delivered in a matter of as few days as possible. Along with this, though, some customers want the reassurance of a personal experience, should they have a problem with any step in this process.
For the merchant, this means that you need to be thoroughly prepared for anything this entails. This means staying on top of emails and phone calls to your customer service team with questions about products, shipping, returns, buying, etc. And let’s not forget that your customer service team also must be equipped to track these contact points with customers and keep detailed records.
What this means for you, and as Verifi’s CMSO, Frank Stornello, highlights above, is that this omnichannel sales model is both good and bad. Yes, your sales can increase; yes, your customers are happy to buy online and pick up in a brick-and-mortar location; but you now need to think more about your fraud prevention methods.
How will your current fraud prevention methods cope with these three omnichannel dimensions?

  • Brick2Click: integration between online and brick-and-mortar stores, providing seamless customer support at either channel
  • Device2Web: allows consumers to interact with the online store through a range of digital touchpoints
  • eAve2Web: provides a smooth experience for customers who make purchases online by assigning an order ID and customer ID through a centralized database system, supporting customer service in brick-and-mortar, digital, and online channels

Achieving the ideal balance
As you’ve browsed our website and read our blog and white papers, you’ve likely learned this one important lesson: Yes, you can protect your business from fraud.
But as Frank Stornello has emphasized, all too often merchants are guilty of taking their methods of fraud prevention too far. This results in rushing to overprotect your payment process, resulting in a loss of good sales.
As we highlight in our white paper, Just Right: 3 Primary Important Lessons About Fraud Prevention from Goldilocks, you need a fraud prevention method that balances upfront protection with chargeback prevention and recovery.
At the forefront of your approach to preventing loss and maintaining sales, you should be thinking like your customers. Customers don’t and won’t put up with a rigid buying and ordering experience, but they do want the confidence that comes with knowing your solution is secure.
With the drive towards omnichannel e-commerce, this too much/too little/just right balance is a business imperative. Don’t be like Goldilocks and lose time dabbling with a fraud protection solution that is either too hot or too cold. This only results in increased fraud and chargebacks and ultimately lost sales from your overly sensitive fraud prevention methods.
When researching your ideal solution, remember the advice from Frank Stornello:

  • Find a prevention method that doesn’t eat into your good sales.
  • Make sure your solution has a proven screening method, allowing you to identify possible risks.
  • Automation is key in minimizing the risk and error that can come with fraud prevention.

In the future, there will be more options for online security. Payments will be both more secure and more accessible with the advent of biometrics, better analytics, and the rapid decline of static passwords. Nevertheless, merchants must take care in selecting how they protect themselves against fraud.
As always, the entire Verifi team of experts is available to answer your questions and guide you in finding the solution that works for you and your customers. Both you and your customers deserve to have confidence that doing business with you is safe, secure, and simple.

Many merchants rush to overprotect their payments process, turning away good sales in the process. Overprotecting payments can cost more money in lost revenue than the fraud it intended to prevent. When implementing new layers of security, it is imperative that merchants understand the fine line between TOO MUCH and NOT ENOUGH security. Merchants should consider their existing chargeback data and partner with a third party that is agile enough to optimize their chargebacks levels now and as they grow.
Like Goldilocks, we’re big fans of finding a “just right” chargeback protection solution that balances up-front fraud protection with chargeback prevention and recover.
Download our recent white paper “Just Right -3 Primary Things Merchants Can Learn About Fraud Prevention From Goldilocks,” and learn why 0.00% is probably not your best chargeback ratio.

E2E and Tokenization are often coined as an either/or solution but this is not always the case. Tokenization replaces the sensitive card data information with unique symbols so that hackers have nothing to steal. Encryption masks data with complex algorithms that are difficult to protect.
Both solutions have a key role when it comes to protecting transaction data, working hand-in-hand to ensure secure payment processing and the safeguarding of  cardholder data from point-of-sale throughout the entire transaction lifecycle. Some of each are already implemented in mobile payment technology.
If you want to evaluate tokenization or E2E, you can read more on the significant characteristics of both solutions.

Card-Not-Present transactions are expected to account for 25% of all card based transactions by 2018.

Merchants have little time to prepare, especially since card-not-present CNP fraud will increase after EMV adoption in the USA. Realize that while business will grow, so will the potential for fraud. Fraudsters will become more sophisticated, too, creating a complicated security situation.
Consider your security weak points now and implement the technology to strengthen them, so that you are prepared for more business in the future. Data analysis will be key in this review.

 Protecting your payments is getting harder

As fraudsters keep getting more innovative, protecting your payments gets harder. The dark web is now a real marketplace, where credit card information and personal identity have predictable cost ranges and are readily available. This was where breached data from large retailers was bought and sold.
According to FICO, 2013 was the year of the mass retailer data compromise for many in the payment card fraud space. With the year coming to a close, FICO wonders what next year’s fraud targets will be. Some of the biggest predicted CNP fraud trends of 2014 include unprotected mobile devices leaving consumers exposed to fraud, spoofing of smartphone apps luring unsuspecting consumers into downloading rogue versions of applications and increased CNP fraud as the adoption of chip and PIN (EMV) technology takes hold in the US.
If merchants are prepared they should not suffer. Balanced forward-thinking fraud solutions that keep mobile vulnerabilities in mind are the key to the future of payments.
 

Many Card Not Present (“CNP”) merchants want to better understand biometric authentication and the impact it will have on their business. In most cases, cost is no longer a barrier and the technology has become increasingly accessible, making adoption a real possibility for merchants looking to fortify security. What’s more, consumers are on increasingly on board. With 12.6 million victims of identity fraud in 2012, privacy concerns are being overshadowed by the desire for increased payment security.[1]
Biometrics has been used for many years in high security applications via eye scan, finger- and palm prints as well as voice recognition technology.  Biometrics is now making its way into CNP payments as mobile commerce gains momentum and as the EMV mandate begins to take hold over the next several years.  This article will discuss the implications of biometrics for card-not-present transactions and the impact on CNP merchants.

WHAT IS AUTHENTICATION?

Authentication is key to successful  CNP commerce; recent breaches have exposed weaknesses in payments security and as EMV looms on the horizon, the need for airtight CNP authentication will only increase. There are three primary ways in which a customer can authenticate his or her identity[2]:

  1. Ownership factor – Something a person has, like a credit card or other physical token.
  2. Knowledge factor – Something the person knows, like a PIN or password.
  3. Inherence Factor – Something the person is or does, like a fingerprint or unique facial features.

Technologists are focused on using inherence or biometrics for authentication.
The addition of biometrics (three-factor authentication) can ensure and protect the identity of the cardholder. The plus for biometrics is that they cannot easily be counterfeited as they are unique to the customer and they are easily accessible for the user. On the flip side, this type of authentication is less convenient for consumers and usually requires a longer time commitment for the checkout process as the merchant is requiring an additional factor of authentication. The following are some common forms of biometrics and their considerations for use in the CNP environment.

TYPES OF BIOMETRICS

TYPE PROS CONS EXAMPLE
Digital Fingerprinting –  utilization of a touch sensing device or scanner to capture a person’s fingerprint image to which a live scan of the person’s finger can be compared to gain access or entry.[3]   Convenient and growing authentication method – especially in newer smartphones Not as common in other devices such as desktop and laptops The iPhone 5s can be locked and unlocked by touching a fingertip to the device screen; this technology also allows Apple customers to authenticate on iTunes.[4]
Facial Recognition –Technology application that identifies 80 nodal points on the human face and compares these points to a digitally stored image to confirm the identity of a specific individual through pattern identification.[5] Prevalence of digital cameras on mobile devices, laptops and desktops makes “pay by face” an accessible option. May require use of specialized camera installation on devices; may require users to pay additional fees and may raise some privacy concerns over the storage of facial images in databases.[6] Used in US-VISIT (United States Visitor and Immigrant Status Indicator Technology) to verify the photographs of foreign travelers attempting to gain entry to the United States against those submitted at the time of visa issuance.[7]
Voice Verification – Technology that compares a person’s voice pattern to a previously recorded vocal biometric to confirm an individual’s identity.[8] Voice recognition technology is user-friendly (non-intrusive), relatively inexpensive and most computer systems have microphone capabilities built-in.[9] Health and emotional state can cause variance in a person’s speech, causing a mismatch between voice template and sample submitted for verification.[10] The US PORTPASS Program uses voice recognition via handsets to identify enrolled local residents along the U.S.-Canadian border, allowing them to cross the border when the port is unstaffed. [11]
Iris Recognition –Technology that analyzes the random pattern of the iris to recognize and identify a person.[12] Image of the iris can be captured using a standard camera and matching a person’s iris with the stored version is highly accurate.[13] The iris is difficult to scan from a distance and can be obscured by eyelashes or eyelids. There can be difficulty in reading the iris of people who have cataracts or are blind.[14] Iris recognition is currently used for physical access control.[15]

While some privacy concerns do exist over the storage and use of biometric information, consumers appear willing to set aside privacy concerns for heightened CNP security.
Findings show that 49% of consumers are ready for biometrics.[16] A recent white paper by Nicole Reyes of The Members Group published noted that 51% of consumers surveyed had concerns over a company or mobile device having access to their fingerprints.[17]; however, that number may drop as additional methods of storing data are researched, such as only storing the information on the consumer’s payment card.
While use of biometrics to many may seem like “big brother is watching”, consumer sentiment may be shifting and allow for faster adoption. A recent Associated Press poll pointed out that 58 percent of consumers have “deep concerns” about their personal data in online transactions,[18] signaling that they may be more open to added security measures like biometrics. Mass adoption of biometrics as a security tool may still be off in the distance, but CNP merchants should consider utilizing biometrics as a tool that is part of a comprehensive risk and evolving fraud management strategy. Staying on top of all the available technology and tools in a layered approach will allow CNP merchants to keep up with the fraudsters and  guard against new threats without damaging  the customer experience.
 
 

 
 
CITED SOURCES:
[1] https://cardnotpresent.com/articles/displaylogin.aspx?id=5160
[2] https://www.emv-connection.com/wp-content/uploads/2014/01/CNP-WP-012414.pdf
[3] https://www.businessdictionary.com/definition/digital-fingerprint.html
[4] https://cardnotpresent.com/news/cnp-news-may14/CNP_Expo__Are_Biometrics_the_Authentication_Answer__-_May_20,_2014/
[5] https://whatis.techtarget.com/definition/facial-recognition
[6] https://www.parl.gc.ca/content/lop/researchpublications/06-30-e.htm
[7] https://electronics.howstuffworks.com/gadgets/high-tech-gadgets/facial-recognition4.htm
[8] https://www.transparencymarketresearch.com/voice-verification.html
[9] https://www.globalsecurity.org/security/systems/biometrics-voice.htm
[10] https://www.globalsecurity.org/security/systems/biometrics-voice.htm
[11] https://www.globalsecurity.org/security/systems/biometrics-voice.htm
[12] https://www.biometrics.gov/Documents/IrisRec.pdf
[13] https://www.sans.org/reading-room/whitepapers/authentication/iris-recognition-technology-improved-authentication-132
[14] https://www.sans.org/reading-room/whitepapers/authentication/iris-recognition-technology-improved-authentication-132
[15] https://www.irisid.com/currentfutureuse
[16] https://www.infosecurity-magazine.com/view/22732/mobile-wallets-and-mbanking-how-secure-are-they/
[17] https://www.tmgmktg.com/WP/TMG_wp_BiometricAuthentication_FINAL.pdf
[18] https://cardnotpresent.com/news/cnp-news-jan14/Report__U_S__Consumers_‘Concerned’_about_Breaches,_But_Not_Showing_It_-_Jan__30,_2014/

To improve your bottom-line results you need to implement a holistic chargeback management solution to fight chargebacks, and also actively reclaim dollars lost to fraudulent  chargebacks.
Verifi, a leader in chargeback prevention and recovery since 2005, recommends 6 best practices  for fighting chargebacks and improving the chargeback dispute process

1. Improve Internal Chargeback Processes

To fight chargebacks, you should optimize several internal processes to minimize chargebacks. For example:

  • Gather information you need to build your case when representing chargebacks.
  • Improve customer service by making it easier for customers to contact your company. You can consider extending hours of operation and make it easier to reach a live person by reducing hold times and automated menu options. You don’t want customers to get frustrated, hang up and choose to call their issuing bank instead.
  • Institute internal fraud monitoring that includes monitoring IP addresses or high-value transactions to prevent fraudulent chargebacks before they occur.
  • Use chargeback notifications to learn quickly when a customer is disputing a charge. Notifications enable you to address chargebacks proactively without tightening up fraud control so much that you turn away good customers.

2. Prioritize Which Chargebacks to Fight and Represent

Whatever you do to prevent chargebacks, they will still happen, so you need to  identify those that are most worthy of being fought and represented based on the expected ROI. Each dispute takes time and carries a fee from your acquirer. Consider the return on time and money spent and pick your battles carefully.

3. Gather and Analyze Chargeback Data

Monitor your chargebacks and determine where you should take preventive measures. Make sure you separate your initial chargebacks from those that remain after you represent them. You need to understand the “why” behind each chargeback. Why are they occurring?  Why aren’t you winning them when you represent them? Insights gained help you minimize chargebacks and maximize representment win-rates.

4. Make Billing Clear

Some chargebacks occur because customers don’t recognize charges they receive. So be as clear as possible and make it easy for the consumer to contact you and jog their memory about a purchase.  Include the URL or customer service number in the descriptor field on bills.

5. Fix Problems in Operations

Your chargeback data can be a treasure trove of information about problems in operations. Analyze the chargeback codes you see most frequently and what might cause the problem. For example, perhaps you have a high percentage of chargebacks due to “merchandise not as described.” If so, it may indicate your website’s product descriptions and images are not descriptive enough. Or, maybe your product quality is not up to consumer expectations.

6. Outsource to the Experts

If you choose to fight chargebacks, know that is is time consuming and can divert resources from your core business. To be effective, it takes deep expertise and requires you to keep up on all the latest rules for chargebacks. Many merchants find the best solution is to outsource the task to a third party that’s 100% focused on chargeback prevention and management. This solution often achieves the highest return on investment, enabling you to reduce risk, be more efficient, and improve your bottom line without the chargeback management headaches.
 

You don’t have to accept shrinking profits. Let Verifi help you fight chargebacks. We do all the work!

Verifi’s Premier Chargeback Revenue Recovery Service can help you fight chargebacks, increase your chargeback win rate, save you time and recover lost profits that are rightfully yours… without tying up scarce IT resources.
The benefits are clear:

  1. Immediate ROI – Pay Only For Success.
  2. Guaranteed ROI – Pay-for-performance pricing model means you only pay a nominal percentage when we’re successful (fixed rate fee option also available). Verifi has a win rate nearly 2X the industry average – reclaim more than 50%* of disputes.
  3. Streamline Your Process -In-depth analytics and reporting features can help identify problems in the operation and improve fraud and chargeback prevention measures. Lower costs and free up your time from hiring, training and maintaining staff.
  4. Comprehensive Omni-Channel Coverage – Support for all media enables you to recover chargebacks for BOTH card-present and card-not-present channels. Covers all card brands and major payment methods (Visa, MasterCard, American Express, Discover)…and even PayPal.
  5. Expertise to Lower Your Costs and Focus on Your Business – Trusted leader in the payments space processing hundreds of thousands chargebacks EVERY month. Our Chargeback Recovery Specialists handle all aspects of the dispute process: research, case positioning and and all the issuer communications through resolution. Long term relationships with top issuing banks and processors give us insight into all the complex details of improving chargeback process.

As technology continues to advance, online criminal activity is maintaining pace.

Fraudsters become more proficient every day, every time a loophole is closed, it seems a new one opens. Consideration must be given to all channels equally.
According to Jeff Sawitke, Chief Product Officer for Verifi, the best way to prevent fraud is to put a consistent policy into place across all sales channels. As he says, “Data-sharing limitations increase a merchant’s fraud risk because those orders may not get the same level of review and validation as orders in other channels. That creates a weakness in the merchant’s system that criminals can find and exploit.” For example, if a customer’s IP address is tracked during purchases on the website, it should also be tracked during purchases on the mobile app.
This and more was the topic of a recent sponsored special report Verifi  published in Internet Retailer Magazine. As one of the top payment management and chargeback protection solutions in the country, Verifi uses industry-leading fraud prevention and detection systems to assure the safety of their merchants and customers.

Mobile phones are more than another payment and shopping option according to an article in PYMNTS.com. Mobile phones can also make payments more secure. Their geolocation allows for position-based fraud analytics. Their cameras are used by Alibaba to ensure buyers are themselves with “selfie-validation” and Uber requires new users to take pictures of a card that must be in their possession.
Now biometrics, using secure payment processing software such as TouchID, are keeping mobile wallets secure. These tools and others could improve or replace vulnerable security measures like static passwords and lead to secure global payment processing.