Card not present (CNP) transactions occur when a purchase is made, often online or over the phone, when the card holder, card and merchant are not in the same location during payment. CNP fraud is committed when a criminal uses another individual's card details to make fraudulent purchases. CNP fraud can be challenging for retailers to prevent and if not addressed, can be highly detrimental to businesses who accept CNP payments.
How Card Not Present Fraud is Committed
When a criminal gets hold of a card holder’s name, account number, security code, expiration date and billing address, and makes an online purchase imitating the original card holder, it is considered to be card not present (CNP) fraud.
Cardholder details are typically stolen electronically through a Phishing scam, theft of a business’ customer credit card information, or merchant database hacks. Typically, once criminals have stolen the victim’s card information they will use it to set up recurring payments, make purchases, buy gift cards or purchase cryptocurrency.
CNP fraud is something all businesses must be aware of as it is the merchants who suffer at the hand of these transactions. Banks and credit card companies do not hold cardholders liable for fraudulent activity conducted on their accounts. Therefore, CNP fraud could significantly impact smaller businesses, causing cash flow problems and reduced revenue which can directly impact profitability.
Card Not Present Fraud Trends
The rise of online shopping has brought with it an increased risk of CNP fraud. According to Retail Dive, at the current rate of CNP fraud worldwide, retailers stand to lose $130 billion between 2019 and 2023 due to CNP fraud if retailers do not implement measures to prevent it. For businesses to be able to effectively protect themselves against CNP fraud, it is important to understand common CNP fraud trends.
One of the most common methods of CNP fraud is for criminals to impersonate businesses or customer service agents. This is called business email compromise (BEC). The scammer will send an email impersonating a customer service advisor, and ask for credit card information. Scammers have become more sophisticated in how they send these emails, often sending these emails during times people are most often on their phones so that they see a name that they recognise but, due to the layout of many smartphone email apps, they do not see the email address it was sent from.
Another common trend in CNP fraud is the use of botnets. Botnets are a network of private devices infected with malicious software and used to compromise business information. This trend in CNP fraud can be used to launch large scale attacks against businesses. This type of attack is also now frequently being carried out on smartphones, making it more difficult to trace the source of the attack due to the way smartphones use IP addresses.
International or cross-border transactions have long been considered an indication of fraud. Many businesses will reject the majority of cross-border transactions from certain countries due to the assumption that they are malicious, however, this is not always the case and if not managed correctly it can mean losing out on genuine sales.
According to a study by the Juniper Research Project, it is expected that the number of records stolen in data breaches will increase to 22.5% by 2023, as criminals become more sophisticated in their collection of credit card information.
How to Manage Card Not Present Fraud
There, however, are some ways that businesses can protect themselves and their customers against card not present fraud.
Address verification system (AVS)
This process verifies the customer’s identity by cross checking the buyer’s address against the one held by the card company.
Card verification value (CCV)
CCVs are the 3 digit security code on the back of credit and debit cards. This code can be checked against the customer’s billing address in order to confirm their identity, this process will reject the payment if the CCV and billing address do not match.
Tokenisation protects sensitive customer information by implementing a non-sensitive placeholder during the payment process. This token is then used to identify the customer as this token can only be traced back to the original account.
This is a popular method used by banks to protect their customers' information by asking them to verify a purchase or payment by sending a unique code to a verified mobile number or email address.
This method of identity verification is common-place on many smartphones, tablets and laptops and is increasingly being used by banks or eWallets to verify payments. Biometric scanning can be implemented through fingerprint scanners, facial recognition or voice identification.
To help protect your business against CNP transaction fraud, Opayo offers fraud prevention and security tools. We offer advanced fraud screening to all of our partners at no additional cost, so your business can benefit from 3D secure authentication, AVS and CV2 checks and PAF, to protect your business and customers.
Watch our video to see payment fraud explained.
Understanding common card not present fraud trends can be the first step towards helping protect your business. At Opayo we offer a range of fraud prevention and security services as standard to all of our clients. If your business has more specific security needs, you can upgrade to our bespoke fraud screening services so you can rest assured that your business and your customers are in safe hands. For more information on Opayo’s fraud prevention services, contact our team of experts today.