It has become increasingly important to consumers to be able to buy goods and services without having to physically go to the shops. Over 30% of all payment card transactions are now carried out via the internet.
Offering your customers the option to shop on the internet, through mail or phone order may well be an important part of your retail offering. These types of transactions are known in the industry as Card Not Present (CNP) transactions and they are a growing part of many retail businesses however there are additional fraud risks associated with these transactions. In fact, in 2015, in excess of 60% of all fraud on payment cards issued in Ireland took place in a CNP environment.
If you decide to trade via internet, mail or phone order it is important to understand how to minimize the additional fraud risk this may create within your business.
Contact your Card Processor in advance of trading through internet, mail or phone
In advance of offering your customers internet, mail or phone order options it is important to ensure that you have the correct terms in place with your Card Processor (if you are a face-to-face shop, you can’t simply start accepting cards over the internet without revising your terms with your processor).
Engaging in ecommerce or accepting cards over the phone or by mail should not mean that you lose out to the criminals who seek to abuse the card payments system. However, the problem in countering Card Not Present fraud lies in the fact that neither the card nor the cardholder is present for the sale. This means that:
- Businesses that accept cards in a CNP environment are unable to check the physical security features of the card to determine if it is genuine or not
- Without a PIN or signature it is not easy to verify that the customer is the genuine cardholder
- Card issuers cannot guarantee that the information provided in a card-not-present environment has been given by the genuine cardholder
Liability for fraudulent CNP transactions
Remember, you can be held financially accountable for an unsecured fraudulent transaction, even if the card issuer has provided an authorisation code during the sale. The authorisation from the card issuer confirms that funds are available to cover the sale amount and that the card was not reported lost or stolen at the time of the transaction. It is the Retailers responsibility to ensure that the genuine cardholder is carrying out the sale.
It should be noted that merchants who accept CNP card sales in a 3D Secure environment are much more secure and are protected against fraud-related chargebacks.
To protect your business against CNP fraud, there are a number of simple guidelines which, if followed, will help stop fraudulent transactions from the outset. These straightforward steps will allow you to determine whether or not a card or the cardholder is genuine. We recommend that these guidelines be incorporated into regular staff training programs