Detecting and Preventing Card-Not-Present (CNP) Fraud
Card-not-present fraud (or CNP fraud) is an ongoing threat to all businesses, with Juniper Research recently predicting a projected $130 billion financial loss for businesses by 2023 as a result of this fraud type.
CNP fraud presents potential risks to business revenue, but it can also negatively impact a customer’s trust in a company. There are numerous measures that companies can take to detect and prevent CNP fraud, as well as best security practices to follow that are proven to prevent or minimize the effects of it.
This article covers:
- An informative overview of card-not-present fraud, including the reasons for its rise
- How businesses can detect CNP fraud
- Effective measures for businesses to prevent CNP fraud from taking place
What is CNP fraud?
A CNP payment is a type of transaction where the physical presence of the credit or debit card is not required. Primary means of CNP payment are:
- Paying via an online checkout page (an eCommerce store payment page, in-app purchase page)
- Over the phone
These CNP forms of payment only require the card details to complete a transaction. Many banks have now added an extra layer of security, like sending a code to the cardholder’s smartphone to confirm their identity before proceeding with the online transaction. Nevertheless, CNP fraud continues to present major risks – in particular, affecting merchants in eCommerce brick-and-mortar businesses with an online store, or businesses that take phone payments, as well as small, local companies that don’t have a physical store and can only take payments by phone or online.
According to Visa, the global adoption of EMV chip-and-pin card technology reduced fraud over a three-year period ending in 2018 by 76%. While this was excellent news for businesses and customers alike, it provoked a response in fraudsters’ tactics and a shift to CNP fraud, as reported by JP Morgan. In line with this change in fraudster approach, card-not-present transactions have been on the rise too. According to Discover’s Pulse Network, CNP payments rose by 21% in 2019 alone, and with reports that the Covid-19 pandemic has accelerated e-commerce’s evolution by five years, it stands to reason that CNP fraud will become an even greater threat still.
How to detect CNP fraud: tips for businesses
The first stage in defending against this payment scam is identifying when a transaction may be potentially fraudulent – take a look at the below signs and indicators of common CNP fraud:
1. Inconsistencies in the shipping and billing addresses
If the billing and shipping addresses are different, it may be a sign of fraud taking place. This is especially the case if the addresses are far apart, for instance, in different states or countries.
2. Very large orders being placed
An unusually large monetary amount should alert businesses to pay close attention to the transaction for any other signs of possible fraud.
3. Inconsistencies in personal and contact information
Does the email address match the cardholder’s name? Does the contact phone number have a different regional or country code to the billing address? It’s important for this data to be consistent
4. An IP address that doesn’t match billing or shipping addresses
Some fraudsters operate from other countries. One possible red flag is that the IP address from where they attempt to process a fraudulent payment doesn’t match the billing and shipping addresses. Merchants can use an Address Verification Service (AVS), a tool provided by card issuers and banks to check for billing address consistency with what is on file with the cardholder’s bank account provider.
5. Requests to speed up payment
Fraud criminals often ask for payment to be expedited in order to evade detection and prevention.
6. Spammy personal information
Scam attempts may include contact information that looks spammy. For instance, an email like firstname.lastname@example.org or a phone number such as 993333111.
7. Inconsistencies in multiple payments with the same card
If the same card has been used more than once, a classic sign of fraud is that the information included doesn’t match across payments, including shipping addresses, email and phone number.
In addition to the above, merchants can adopt heightened surveillance practices for all CNP payments. Vigilance for every single card-not-present payment combined with manually checking all transactions will position businesses to help identify when fraud is potentially taking place. If possible, a “four eyes” rule – in which two people check all payments – will provide an even stronger protective layer.
How to prevent CNP fraud: measures that businesses can implement
As well as being on the lookout for fraud with the above practices, merchants can also implement a series of steps for scam prevention. These play an important role for all three primary stakeholders: the merchant, cardholder, and the credit or debit card company.
1. Verify the cardholder’s identity
Merchants can include a proof of identification step. For instance, requiring the customer to upload a copy of photo ID. Another option is to only include this requirement on particularly large monetary amount orders. Alternatively, merchants may consider a requirement from the cardholder to link to a social profile, such as Facebook, as a means for checking their ID.
2. Confirm each CNP transaction with the customer
Once a merchant receives a CNP payment, they can include an additional step to further complicate the process of fraud. In general, the more steps involved, the less likely fraudsters are to proceed. By calling customers to confirm payment over the phone or closing a transaction over email, merchants can prevent fraud that could otherwise prove successful. During this step, employees should look for any suspicious behavior or evasive, slow or confused responses. When talking over the phone, they can also cross-check features such as gender and an idea of age and accent from the person’s voice with their purported identity.
3. Delay delivery
Another useful tactic is to delay the delivery of goods and even services by anywhere from 24 to 72 hours. This can act as a preventative measure as fraudsters very often target fast transactions and try to expedite the process, as discussed above. Another reason why it can be helpful is that cardholders may spot a fraudulent transaction on their bank statement and report it. Moreover, many banks offer a notifications feature now, which sends cardholders a message containing information on every single transaction when they take place.
4. Make online store registration a requirement
Merchants can obligate customers to register on their website in order to make a CNP purchase. As another step, it can frustrate the fraudster’s attempts. Registration can also include identification verification. Merchants can also ask for extra personal details beyond mandatory data in order to get as accurate and detailed a picture of the customer as possible.
5. Only post to verified delivery addresses
Merchants can mitigate the possibility of CNP fraud by ruling out postage to an unverified delivery address. Shipping addresses that have passed verification checks cut off a potential avenue for fraud via the use of unverified shipping addresses.
In addition to these measures for merchants and customers, banks and card issuers also play an important role in preventing CNP fraud. Many banks have started to implement a two-factor authentication system to combat fraud. This is particularly the case in Europe, with the EU’s “Strong Customer Identification” legislation coming into force. Banks and card issuers can also provide cardholders with updates to security protocols concerning CNP fraud and continually offer best practice guidance, which can come via a range of channels, including their website, email, SMS, and in-branch.
Of course, merchants may be reticent to implement some or all of these steps as they may turn genuine customers away from completing purchases. Therefore, striking the right balance between sales conversion and offering a robust security process is critical.
Detecting and preventing credit card fraud for merchants
With CNP payments rising fast as a preferred customer method, and the added security vulnerabilities that card-not-present transactions generate, merchants have a considerable task on their hands to stamp out fraud. However, with the right detection and prevention protocols in place, they can certainly minimize its frequency. Moreover, by partnering with a proven, best-in-class payment provider with strong CNP security credentials, businesses can make it even harder for scammers to game the system.
The right payments provider can help merchants by accomplishing several of the above steps with a wide range of sophisticated anti-fraud checks in place, as well as assist with PCI compliance. As a result , merchants can drive down instances of CNP fraud, garner trust in their customers and focus on growing their business.