If you are a retailer you probably let some of your customers pay remotely – either online, over the phone or by mail order.
These card-not-present (CNP) transactions are particularly vulnerable to fraud because the buyer is ‘invisible’ and normal face-to-face precautions aren’t possible.
This guide explains how easily fraud can happen during a card-not-present sale and looks at the practical things you can do to keep your business safe.
Preventing CNP fraud makes good business sense.
A card-not-present (CNP) transaction is when the customer is not physically present (with their card in their hand) at the time of payment.
It is easy for criminals to use CNP transactions to make fraudulent purchases using other people’s card details that have been stolen or cloned.
Most CNP frauds happen in one of two commonplace situations:
The card authorisation process does not guarantee these payments. It checks only that there are sufficient funds in the cardholder’s account and that the card hasn’t been reported lost or stolen.
Fraudulent payments can be reversed by the card issuer, leaving you – the retailer – out of pocket.
Any of these should sound the alarm.
Some simple steps can make your business safer.
Use Mastercard Identity Check and Visa Secure so that online customers must complete an extra verification step.
2FA requires new customers to verify their phone number when setting up an account, helping to make sure they are genuine.
Ask customers to provide the CSC on the card (usually 3 or 4 digits) and the street number and postcode of the cardholder’s billing address. Verifying the CSC helps to show that the customer is in possession of the physical card. AVS checks that the address provided by the customer matches the one held by the card issuer.
Rule-based fraud detection tools can enable you to cross-check whether a customer’s name and contact details (including email address and phone number) have been flagged as suspicious.
This practical guide highlights the risks of card-not-present fraud when selling goods and services. But business fraud comes in many other guises. It makes good business sense to find out more.
Thanks to Sarah O’Shea from Barclays for kindly writing this guide.
Published September 2022. © Fraud Advisory Panel and Barclays 2022.
Fraud Advisory Panel and Barclays will not be liable for any reliance you place on the information in this material. You should seek independent advice.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Licence.