EMV chips made credit and debit cards safer, but unfortunately, the built-in security of these cards is only useful for in-person transactions. Because of that, fraud related to card-not-present (CNP) transactions has increased substantially over the last few years. In 2016 alone, CNP fraud increased by 42%, and card issuers bear 72% of the costs of most fraud-related losses.
CNP transactions occur when the merchant cannot physically see the credit or debit card used to make the purchase.
A card-not-present (CNP) transaction occurs when neither the cardholder nor the credit card is physically present at the time of the transaction. It’s most common for orders that happen remotely — over the phone or by fax, internet, or mail.
In most cases, we place an order online with eCommerce sites, when the buyer is in one place, seller in other place. Also, we place standing instructions for routine payments of bills through credit cards. These all transactions are Card-Not-Present Transaction.
A transaction is only considered to be “card present” if payment details are captured in person, at the time of the sale. This occurs when cards are physically swiped, tapped, or dipped through a reader or if an EMV chip is processed.
The card associations created this term to help identify these transactions because CNP situations tend to be where the majority of fraudulent activity occurs
Processing of Card-not-present transaction
When a customer makes a payment at the checkout of your online store or over the phone to complete a transaction, your system needs to perform the following actions:
Collect the payment information. At a minimum, the following information needs to be submitted with each sales transaction:
- The cardholder’s name, card account number and expiration date.
- The cardholder’s full billing address and the shipping address (if applicable).
- The payment date.
- The total amount of the payment, including all applicable taxes and gratuities purchased on the card.
- A mutually acceptable description of the products or services purchased by the cardholder.
Authorization of Card-not-present transaction
Authorization is the process of obtaining permission from the card-issuing bank to accept the card for payment and should be obtained for all card-not-present transactions. The process followed is:
1. When Card details are submitted by the buyer to the e-commerce site, the seller requests the authorization from the merchant bank.
2. Merchant Bank submits the authorization request to the credit card Network.
3. The Credit Card network sends a request to the card issuer.
4. The card issuer approves or decline the request.
5. The credit card network forwards the card issuers’ authentication response to Merchant Bank.
6. Merchant bank forwards the response to the e-commerce site, the seller.
7. The seller communicates to the buyer accordingly and completes the transaction.
Modes of Card-not-present transaction Frauds
As fraudsters switch focus back to card-not-present schemes, research from consultancy Aite Group indicates that CNP fraud will soon outpace card-present fraud in the U.S. by a three-to-one margin. Globally, payments provider ACI Worldwide saw a 30 percent increase in CNP fraud in the first half of 2015. And ACI found that approximately 1.2 percent of all CNP transactions conducted between January and July 2015 were fraudulent.
CNP frauds happen when your card details are stolen, In such case, anyone can make transactions online. Accepting payment cards remotely allows merchants to reach more consumers…but again, it also makes their transactions far more vulnerable to fraud.
To avoid CNP frauds, in addition to the above details of cards, one should also collect
1.The email address of the cardholder,
2.Billing address
3. Information about the device used to log in
4.IP address
5.Mobile No
Phone numbers or email addresses can go a long way in filtering out bad agents.
Sometimes, fraudsters will use you to “test a card”, usually by purchasing inexpensive items or services.
Of course, if the transaction goes through, fraudsters could very well use the same stolen card to purchase more expensive items, which will damage your business eventually due to the fraudulent use of stolen cards.